On 24.02.2016 at 15:42, John Cenile wrote:
> Hello,
>
> Is it possible at all to block all users other than root from sending
> outbound ICMP packets on an interface?
>
> At the moment we have the following two rules in our IPtables config:
>
> iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT
> iptables -A OUTPUT -o eth1 -j DROP
>
> But this still allows ICMP for some reason (but *does* block other TCP/UDP
> packets, which is what we want, as well as ICMP).
>
> Thanks.

What do you want to achieve by not allowing outbound ICMP traffic?
Are you aware that ICMP has a larger set of different types, several of
them required for a functional network?

Alexander