[CentOS] IPtables block user from outbound ICMP
Always Learning
centos at u64.u22.net
Fri Feb 26 04:04:04 UTC 2016
On Thu, 2016-02-25 at 07:19 +0000, James Hogarth wrote:
> Well if you really want to call it a problem... Blocking ICMP via a host
> based firewall remains pretty silly.
On all servers I used IPtables to block (DROP) all incoming ICMPs
except:-
type 0 state RELATED,ESTABLISHED
type 3 state RELATED,ESTABLISHED
type 8 state NEW,RELATED,ESTABLISHED
type 11 state RELATED,ESTABLISHED
All outgoing ICMPs are blocked except for:-
type 0 state RELATED,ESTABLISHED
type 8 state NEW,RELATED,ESTABLISHED
Am I silly too ;-)
--
Regards,
Paul.
England, EU. England's place is in the European Union.
More information about the CentOS
mailing list