What about ICMP redirection? You don't really want to allow this in! What my iptables ruleset intends on doing (and I hope succeeds) is allow all outgoing icmp requests (and their replies) to get through, but not allow any inbound icmp traffic initiated from the external interface side.
Claude

----- Original Message -----
From: "Marcus Zoller" <[EMAIL PROTECTED]>
To: "Claudio Mio" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 30, 2002 7:27 PM
Subject: Re: sendto: Operation not permitted

> On Fri, 2002-05-31 at 04.02, Claudio Mio wrote:
> > iptables -A INPUT -p icmp -i ${LAN_IF} -j LOG
> > iptables -A OUTPUT -p icmp -o ${LAN_IF} -j LOG
>
> By the way: If you want to block pings to your machine,
> do this by blocking icmp INPUT with message-type 8 (echo-request).
>
> Never ever block all ICMP from/to your machine! This will break nearly
> anything. The minimum you must ACCEPT for input and output is message
> type 3 and 11.
>
> marcus
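
An added example, not part of the thread or either poster's ruleset: one way to express the policy discussed above (outgoing ICMP and its replies pass, type 3 and 11 errors about local traffic pass, redirects and unsolicited inbound ICMP do not) using connection state. The variable `EXT_IF`, its default `eth0`, the `APPLY` switch and the log prefix are assumptions made for the example.

```shell
#!/bin/sh
# Added example: ICMP policy for the external interface, built as a list of
# iptables commands so the rule order can be reviewed before anything is loaded.
# EXT_IF and APPLY are assumed names; the thread itself only shows LAN_IF.
EXT_IF="${EXT_IF:-eth0}"

# Print the rules, one command per line, in the order they must be loaded.
icmp_rules() {
    ext="$1"
    # Redirects (type 5) are treated as ICMP errors by connection tracking and
    # can match RELATED, so they are dropped before the state rule is reached.
    echo "iptables -A INPUT -i $ext -p icmp --icmp-type redirect -j DROP"
    # Echo replies to our own pings are ESTABLISHED; errors about our own
    # traffic (type 3 destination-unreachable, type 11 time-exceeded) are
    # RELATED. Both are accepted without opening inbound ICMP in general.
    echo "iptables -A INPUT -i $ext -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Anything left is ICMP initiated from outside, including type 8
    # echo-request, which arrives in state NEW. Log it, then drop it.
    echo "iptables -A INPUT -i $ext -p icmp -j LOG --log-prefix \"icmp-in-drop: \""
    echo "iptables -A INPUT -i $ext -p icmp -j DROP"
    # All locally generated ICMP may leave, which covers outgoing requests and
    # outgoing type 3 and 11 messages.
    echo "iptables -A OUTPUT -o $ext -p icmp -j ACCEPT"
}

# Default is a dry run that prints the commands. APPLY=1 (as root) loads them.
if [ "${APPLY:-0}" = "1" ]; then
    icmp_rules "$EXT_IF" | sh -e
else
    icmp_rules "$EXT_IF"
fi
```

Because iptables stops at the first matching terminating rule, the redirect DROP only takes effect if it stays ahead of the ESTABLISHED,RELATED ACCEPT.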