ping

Protecting your Linux box

Postby venky145 » Wed Jan 17, 2007 1:39 pm

Hi,

How do I deny ping to my server except from one system?
venky145
Havaldaar
 
Posts: 118
Joined: Thu Jan 13, 2005 2:35 pm
WLM: ranga72
Yahoo Messenger: venky145
Location: qatar

Postby lambda » Wed Jan 17, 2007 1:49 pm

with an iptables output rule that allows icmp echo/echoreply to that host, and blocks it for all others.

be sure to make your rule operate on echo and echoreply packets only -- you don't want to block all icmp traffic.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby sakimustafa » Wed Jan 17, 2007 2:11 pm

Dear,
Just type this:
iptables -A OUTPUT -d ! 10.0.40.2 -p icmp -j DROP
Best Regards,
SAKI
8801712764543
sakimustafa
Lance Naik
 
Posts: 41
Joined: Sat Jan 13, 2007 1:36 pm
Yahoo Messenger: sakimumustafa@yahoo.com
Location: Bangladesh

Postby lambda » Wed Jan 17, 2007 2:45 pm

which means now your system won't deal with traceroute or send icmp unreachable port messages to other hosts.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore
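
Added example, not part of any post above: a shell sketch that prints (does not apply) rules restricted to echo-request and echo-reply for one permitted host, plus a check that flags a rule dropping ICMP without an --icmp-type match. The function names are hypothetical, 10.0.40.2 is the address used in the thread, and the INPUT-chain pair is an assumption added alongside the OUTPUT rules the thread describes.

```shell
#!/bin/sh
# Added example: generates iptables commands as text; nothing is applied.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print rules that permit ping only for host $1 and leave every other
# ICMP type (unreachable, time-exceeded, ...) untouched.
ping_allow_rules() {
    host=$1
    is_ipv4 "$host" || { echo "invalid IPv4 address: $host" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -p icmp --icmp-type echo-request -s $host -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -d $host -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
EOF
}

# Return 0 if the rule text in $1 drops ICMP without naming an --icmp-type,
# which also drops the error messages traceroute and port-unreachable rely on.
drops_all_icmp() {
    case "$1" in
        *--icmp-type*) return 1 ;;
        *"-p icmp"*"-j DROP"*) return 0 ;;
    esac
    return 1
}

# Stand-alone run: show the rules for the host named in the thread.
ping_allow_rules 10.0.40.2
```

Because -A appends, any earlier rule in the same chain that already matches ICMP takes precedence, so check the existing ruleset with iptables -L -n before adding these.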

