multiple targets

Thomas Stivers stivers_t at tomass.dyndns.org
Tue Dec 16 19:53:56 EST 2003


On 12/16/03  7:08 PM -0500, igueths at comcast.net wrote:
> Hi all. I think this is possible according to my interpretation of the
> iptables manpage, however I am not sure. Is it possible to write one rule
> for the input chain to let's say, log all icmp-echo-reply packets, and then
> another rule for the input chain that drops the icmp-echo-reply packets? I
> think this is possible, since as far as I know every packet travels through
> the desired chain(s) until a rule or set of rules is encountered for the
> packet(s)?

Yes, this is possible, though I don't see why you want to stop echo
replies instead of echo requests. Here are some example rules.

iptables -A INPUT -p icmp --icmp-type echo-reply -j LOG
iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP

The chain will be traversed until it is accepted, rejected, or dropped,
and if none of these happens the policy for the chain will apply. Many
of the example rulesets use a logdrop user-defined chain to log then
drop packets.

As always YMMV.

-- 
Clarke's Corollary:
Any technology distinguishable from magic is insufficiently advanced.
Thomas Stivers	e-mail: stivers_t at tomass.dyndns.org
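
Added example, not part of the original message: the "logdrop" user-defined chain mentioned in the reply above, written as a dry-run shell script. The chain name LOGDROP, the log prefix, the rate limit, and the IPT variable and function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: a log-then-drop user-defined chain.
# Chain name, log prefix and rate limit are assumptions, not from the message.
# Dry run by default: commands are printed, not executed.
# To apply them for real, run as root with IPT=iptables.
IPT="${IPT:-echo iptables}"

setup_logdrop() {
    # Create the chain. LOG is a non-terminating target, so a packet that
    # matches it continues to the next rule, where DROP ends traversal.
    $IPT -N LOGDROP
    # Rate-limit the LOG rule so a flood cannot fill the logs; packets over
    # the limit skip this rule and are still dropped by the next one.
    $IPT -A LOGDROP -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "LOGDROP:" --log-level 4
    $IPT -A LOGDROP -j DROP
}

send_to_logdrop() {
    # $1 = built-in chain, remaining args = match specification.
    # Refuse an empty match: it would send every packet in the chain to
    # LOGDROP, which on INPUT cuts off remote access to the host.
    if [ "$#" -lt 2 ]; then
        echo "send_to_logdrop: refusing to add a rule with no match" >&2
        return 1
    fi
    chain=$1
    shift
    $IPT -A "$chain" "$@" -j LOGDROP
}

setup_logdrop
# Same match as the two rules in the message, now a single jump.
send_to_logdrop INPUT -p icmp --icmp-type echo-reply
```

Packets that match no rule in INPUT still fall through to the chain's policy, as described above.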