# iptables -L allow-icmp-traffic

Chain allow-icmp-traffic (2 references)
target     prot opt source     destination
ACCEPT     icmp --  anywhere   anywhere     icmp time-exceeded limit: avg 10/sec burst 5
ACCEPT     icmp --  anywhere   anywhere     icmp destination-unreachable limit: avg 10/sec burst 5
ACCEPT     icmp --  anywhere   anywhere     icmp source-quench limit: avg 10/sec burst 5
ACCEPT     icmp --  anywhere   anywhere     icmp echo-request limit: avg 5/sec burst 5
ACCEPT     icmp --  anywhere   anywhere     icmp echo-reply limit: avg 5/sec burst 5
LOG        icmp --  anywhere   anywhere     LOG level warning prefix `Bad ICMP traffic:'
REJECT     icmp --  anywhere   anywhere

Something like this?

Troy
--
And the glory of the LORD shall be revealed, and all flesh shall see it
together: for the mouth of the LORD hath spoken it.
Isaiah 40.5

Ryan Voots wrote:
> On Thu, 8 Jan 2004 16:17:49 +0100 "Oliver Schad" <o.schad@×××.de> wrote:
>
>> Probably you think ICMP is dangerous too. There are a lot of brain dead
>> admins who block ICMP packets and they wonder why connections to some
>> websites are broken or if they administrate the packet filter before a
>> webserver they wonder why some user grouches they wouldn't get a connection
>> to the web server.
>
>
> That's one reason I don't block it, some services and things use it to look
> for hosts that are up, what I wish I could do is some type of limit where it
> would only send replies to them at a certain rate, just so that a ping -f on
> 12 machines to my machine wouldn't cause a huge bandwidth surge from my
> machine.

--
gentoo-security@g.o mailing list
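
The commands that would build a chain matching the listing in Troy's message, as an added example that is not part of the original thread. Hooking the chain into INPUT is an assumption, since the listing only reports "2 references".

```shell
#!/bin/sh
# Added example: prints the iptables commands for a chain matching the
# "iptables -L allow-icmp-traffic" listing above.
CHAIN=allow-icmp-traffic

# icmp-type:rate pairs taken from the listing (burst is 5 on every rule).
ICMP_LIMITS="time-exceeded:10 destination-unreachable:10 source-quench:10 echo-request:5 echo-reply:5"

icmp_chain_rules() {
    echo "iptables -N $CHAIN"
    for pair in $ICMP_LIMITS; do
        icmp_type=${pair%%:*}
        rate=${pair##*:}
        # -m limit is one token bucket per rule, shared by all senders.
        # Packets over the rate do not match and fall through to LOG/REJECT,
        # so echo-requests beyond 5/sec never produce an echo-reply.
        echo "iptables -A $CHAIN -p icmp --icmp-type $icmp_type -m limit --limit $rate/sec --limit-burst 5 -j ACCEPT"
    done
    # The listing shows no limit on the LOG rule: a flood is logged per packet.
    echo "iptables -A $CHAIN -p icmp -j LOG --log-level warning --log-prefix 'Bad ICMP traffic:'"
    echo "iptables -A $CHAIN -p icmp -j REJECT"
    # Assumption: INPUT is a guess at one of the two referencing chains.
    echo "iptables -A INPUT -p icmp -j $CHAIN"
}

# Print the commands by default; run as root with "apply" to load them.
if [ "${1:-}" = apply ]; then
    icmp_chain_rules | sh -e
else
    icmp_chain_rules
fi
```

Because the limit is shared across all sources, a flood from one host can use up the echo-request budget for everyone else until the bucket refills.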