[CentOS] IPtables block user from outbound ICMP
Alexander Dalloz
ad+lists at uni-x.orgWed Feb 24 18:42:29 UTC 2016
- Previous message: [CentOS] IPtables block user from outbound ICMP
- Next message: [CentOS] CentOS 7 SELinux issue
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 24.02.2016 um 15:42 schrieb John Cenile: > Hello, > > Is it possible at all to block all users other than root from sending > outbound ICMP packets on an interface? > > At the moment we have the following two rules in our IPtables config: > > iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT > iptables -A OUTPUT -o eth1 -j DROP > > But this still allows ICMP for some reason (but *does* block other TCP/UDP > packets, which is what we want, as well as ICMP). > > Thanks. What do you want to achieve by not allowing outbound ICMP traffic? Are you aware that ICMP has a larger set of different types, several of them required for a functional network. Alexander
- Previous message: [CentOS] IPtables block user from outbound ICMP
- Next message: [CentOS] CentOS 7 SELinux issue
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list