Reject icmp packet thru iptables

From: Shiraz Baig (shiraz_baig_at_yahoo.com)
Date: 02/21/05

    Date: Sun, 20 Feb 2005 20:35:59 -0800 (PST)
    To: redhat <redhat-list@redhat.com>


    Sir,
    I am trying to see the working of iptables. I read the
    relevant HOWTOs and tried an experiment to get an icmp
    packet rejected. This experiment is from one of the
    HOWTOs. But my experiment has not succeeded.

    Could someone tell me why my ICMP packet was not
    rejected in spite of the fact that rules show that it
    should be rejected.

    Here is what I did.

    Step 1:
    I did the following to test that icmp protocol packets
    are allowed:
            #ping -c 1 127.0.0.1

    I got the response:

    --- 127.0.0.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss,
    time 0ms
    It showed icmp packets can go thru.

    Step 2:
    I checked the rules to make sure the above fact.
            #iptables -L
    I got the response:
    --------- response ----------
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
          
    RH-Lokkit-0-50-INPUT all -- anywhere
    anywhere
    ................ remaining skipped ............

    Step 3:
    Now I gave a command to deny the icmp proto packets.
      # iptables -A INPUT -s 127.0.0.1 -p icmp -j REJECT

    Step 4:
    Now I wanted to check that the icmp proto packets are
    not allowed.
    First I checked the rules.
         #iptables -L
    I got the response:
    --------- response ---------------------
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
          
    RH-Lokkit-0-50-INPUT all -- anywhere
    anywhere
    REJECT icmp -- localhost.localdomain anywhere
           reject-with icmp-port-unreachable

    .................. remaining clipped .............

    Step 5:
    Now I gave the command ping to see that icmp packets
    are rejected.
       # ping -c 1 127.0.0.1

    I got the response:
    --- 127.0.0.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss,
    time 0ms

    It showed that the packet was not rejected. It is
    still allowed to pass thru.

    Question
    My question is why this packet was not rejected. The
    ruleset shows that this packet should be rejected. But
    it has been accepted. Why?
    bye
    shiraz


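As an added illustration (not part of the original post), the following script walks the Step 4 INPUT chain the way the netfilter filter table does: first match wins, and a jump into a user chain that returns ACCEPT ends the walk before later rules in INPUT are consulted. The contents of RH-Lokkit-0-50-INPUT are clipped in the post, so the `-i lo -j ACCEPT` rule placed there is an assumption for the demonstration, not something the listing shows.

```python
"""First-match walk of iptables filter chains (constructed teaching example)."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                     # ACCEPT, REJECT, DROP or a user-chain name
    iface: Optional[str] = None     # None means "any", like a missing -i
    src: Optional[str] = None       # None means "any", like a missing -s
    proto: Optional[str] = None     # None means "any", like a missing -p

    def matches(self, pkt: dict) -> bool:
        return all(want is None or pkt[key] == want for key, want in
                   (("iface", self.iface), ("src", self.src), ("proto", self.proto)))

TERMINAL = {"ACCEPT", "REJECT", "DROP"}

def walk(chains: dict, chain: str, pkt: dict, policy: Optional[str] = "ACCEPT",
         trace: Optional[list] = None) -> Optional[str]:
    """Return the verdict for pkt; each matching rule is appended to trace."""
    for rule in chains[chain]:
        if not rule.matches(pkt):
            continue
        if trace is not None:
            trace.append((chain, rule.target))
        if rule.target in TERMINAL:
            return rule.target                  # first terminal match wins
        verdict = walk(chains, rule.target, pkt, policy=None, trace=trace)
        if verdict is not None:
            return verdict                      # the user chain decided
    return policy                               # built-in: policy; user chain: RETURN

# INPUT exactly as listed in Step 4: the lokkit jump comes before the REJECT.
CHAINS = {
    "INPUT": [Rule("RH-Lokkit-0-50-INPUT"),
              Rule("REJECT", src="127.0.0.1", proto="icmp")],
    # ASSUMED contents of the clipped user chain: accept loopback traffic.
    "RH-Lokkit-0-50-INPUT": [Rule("ACCEPT", iface="lo")],
}
PING_LO = {"iface": "lo", "src": "127.0.0.1", "proto": "icmp"}

def verdict_for_ping(chains=CHAINS):
    """Verdict and rule trace for the Step 5 ping as the chains stand."""
    trace = []
    return walk(chains, "INPUT", PING_LO, trace=trace), trace

def verdict_with_reject_first():
    """Same packet with the REJECT at position 1 (iptables -I INPUT 1 ...)."""
    chains = dict(CHAINS, INPUT=list(reversed(CHAINS["INPUT"])))
    return walk(chains, "INPUT", PING_LO)
```

`iptables -L` with no chain name lists only the top-level rules of the built-in chains; `iptables -L RH-Lokkit-0-50-INPUT -v` shows what the jump target actually does, and the packet counters reveal which rule is consuming the ping.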
