@# Quotes DB     useful, funny, interesting







Comments:

<0> how can i prevent icmp unreachables being sent?
<0> i'm a pf man, not so good with iptables
<1> $IPTABLES -A INPUT -p icmp -i $EXTIF -j DROP
<1> would prolly do the trick



<1> http://tatari.ath.cx/linux/rc.firewall <-- I have some more stuff you might find useful in there
<0> TAtari: tcpdump is still showing unreachables screaming by
<0> # iptables -A INPUT -p icmp -i eth0 -j DROP
<1> are you pinging yourself?
<0> no
<0> 81.110.242.129 > 81.235.152.78: ICMP 81.110.242.129 tcp port 6884 unreachable, length 60
<0> 81.110.242.129 > 67.167.138.119: ICMP 81.110.242.129 tcp port 6884 unreachable, length 56
<1> hmm... prolly some extra flag you need to set... I haven't messed around that much with icmp since I never really cared about it :)
<0> well im pretty lost on iptables
<0> iptables -A OUTPUT -p icmp -j DROP
<0> and that aint stopping it
<1> printf " Reply to ICMP Ping "
<1> if [ $ICMP_PING == 0 ]; then
<1> $IPTABLES -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i $EXTIF -j ACCEPT
<1> $IPTABLES -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i $EXTIF -j ACCEPT



<1> $IPTABLES -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i $INTIF -j ACCEPT
<1> $IPTABLES -A INPUT -p icmp -i $EXTIF -j DROP
<1> fi
<1> print_status $ICMP_PING
<1> that's my icmp setting... you can try them but I don't think they will change the outcome
<1> guess you have to play around with the --icmp-type destination-unreachable
<0> if -p icmp, that would include all icmp types wouldnt it?
<1> I would think so... was ages since I wrote that part of the script and theres got to be a reason why I'm accepting the special types
<0> i found this
<0> $IPTABLES -A EXTIN -j REJECT
<0> $IPTABLES -A EXTIN -j DROP
<0> second is what i changed it to
<0> seems to work
<0> i spoke too soon
<1> where do you have the tcpdump? on the firewalled computer or the ping computer
<0> firewalled








Return to #iptables