blocking icmp protocol

Barry Brimer lists at brimer.org
Sun Dec 17 19:03:37 UTC 2006


> I can't disable ICMP with iptables.
> I ran the following command:
>
> iptables -A INPUT -p icmp -s 192.168.1.125 -j DROP
>
> but this IP can still ping my host

Using iptables -A "appends" the rule to your INPUT chain.  Iptables uses a 
"first match wins" approach.  By appending this rule to the input chain, 
you are allowing all other existing rules to make a decision about these 
packets before the rule you are adding.

Try changing your rule to this:

iptables -I INPUT -p icmp -s 192.168.1.125 -j DROP

This will "insert" the rule at the top of the INPUT chain, instead of 
appending it at the bottom.

Hope this helps.

Barry
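
The append-versus-insert behaviour described above, as an added example that is not part of the original message: it reads a chain in `iptables -S INPUT` format and reports which rule decides an ICMP packet from a given source. The function names and both rulesets are constructed for illustration; the pre-existing ACCEPT rules are an assumption about what such a chain might contain.

```sh
#!/bin/sh
# Added example. Reads rules in `iptables -S INPUT` format on stdin and prints
# "<rule number> <target>" for the first rule that decides an ICMP packet from
# SRC_IP, or "0 <policy>" if no rule does.
# Simplifications (assumptions): only -p, -s with a single host, and -j are
# evaluated; a rule using any other match is skipped as "cannot tell", and
# jumps to user-defined chains are not followed.
first_icmp_match() {            # usage: first_icmp_match SRC_IP < rules
    awk -v src="$1" '
        $1 == "-P" { policy = $3; next }
        $1 != "-A" { next }
        {
            n++; ok = 1; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") { i++; if ($i != "icmp" && $i != "all") ok = 0 }
                else if ($i == "-s") {
                    i++; host = $i; sub(/\/32$/, "", host)
                    if (host != src) ok = 0
                }
                else if ($i == "-j") { target = $(i + 1); break }
                else ok = 0
            }
            if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
                print n, target; found = 1; exit
            }
        }
        END { if (!found) print 0, policy }
    '
}

# Constructed rulesets: the existing ACCEPT rules are assumed for illustration.
rules_appended() {              # state after: iptables -A INPUT ... -j DROP
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.125/32 -p icmp -j DROP
EOF
}
rules_inserted() {              # state after: iptables -I INPUT ... -j DROP
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.168.1.125/32 -p icmp -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

echo "appended: $(rules_appended | first_icmp_match 192.168.1.125)"
echo "inserted: $(rules_inserted | first_icmp_match 192.168.1.125)"
```

On a live host, feeding the function the real output of `iptables -S INPUT` shows whether an earlier rule shadows the DROP before any ping test is needed.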



