If you want to get serious about firewalls, I suggest picking up a good book.
My favorite so far is "Linux Firewalls" by Robert L. Ziegler.
Of course there are tons of resources on the net that can be very helpful too!
Good luck!
-----Original Message----- From: centos-admin@caosity.org [mailto:centos-admin@caosity.org]On Behalf Of scty Library Sent: Friday, August 13, 2004 8:27 AM To: centos Linux Subject: Re: [Centos] Messing around with iptables
Hello all,
Thanks for all your advice I will probably use one of the distro/products suggested.
I did figure out why it didn't work. I already had the RH firewall enabled so that took precedences. When I disabled it I was then able to use that command and it worked just fine.
Thanks again.
--- Dag Wieers dag@wieers.com wrote:
On Thu, 12 Aug 2004, scty Library wrote:
No, that did not work either.
Allow me to demonstrate this one:
[root@emyn ~]# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.049 ms 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.047 ms
--- 127.0.0.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 0.047/0.048/0.049/0.001 ms, pipe 2
[root@emyn ~]# iptables -A INPUT -d 127.0.0.1 -p icmp -j DROP
[root@emyn ~]# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
--- 127.0.0.1 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1002ms
[root@emyn ~]# iptables -L INPUT -xnv Chain INPUT (policy ACCEPT 29425 packets, 14876789 bytes) pkts bytes target prot opt in out source destination 2 168 DROP icmp -- * * 0.0.0.0/0 127.0.0.1
[root@emyn ~]# iptables -D INPUT -d 127.0.0.1 -p icmp -j DROP
[root@emyn ~]# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.050 ms 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.047 ms
--- 127.0.0.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1017ms rtt min/avg/max/mdev = 0.047/0.048/0.050/0.007 ms, pipe 2
It should be the same for you.
Kind regards, -- dag wieers, dag@wieers.com, http://dag.wieers.com/ -- [Any errors in spelling, tact or fact are transmission errors]
__________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail _______________________________________________ CentOS mailing list CentOS@caosity.org http://www.caosity.org/mailman/listinfo/centos