[CentOS] IPtables block user from outbound ICMP
Alexander Dalloz
ad+lists at uni-x.org
Wed Feb 24 18:42:29 UTC 2016
On 24.02.2016 at 15:42, John Cenile wrote:
> Hello,
>
> Is it possible at all to block all users other than root from sending
> outbound ICMP packets on an interface?
>
> At the moment we have the following two rules in our IPtables config:
>
> iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT
> iptables -A OUTPUT -o eth1 -j DROP
>
> But this still allows ICMP for some reason (but *does* block other TCP/UDP
> packets, which is what we want, as well as ICMP).
>
> Thanks.
What do you want to achieve by not allowing outbound ICMP traffic?
Are you aware that ICMP has a larger set of different types, several of
them required for a functional network?
Alexander