LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page allow incomming icmp request
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-25-2009, 01:58 AM   #1
sunlinux
Member
 
Registered: Feb 2006
Distribution: RHCL 5
Posts: 239

Rep: Reputation: 30
allow incomming icmp request

using ip tables , I want a selected IP could ping my system.
 
Old 05-25-2009, 10:01 AM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 488

Rep: Reputation: 78
Code:
iptables -I INPUT -p icmp -s 123.456.xxx.yyy -j ACCEPT
iptables -I INPUT 2 -p icmp -j DROP

man iptables
iptables -p icmp -h
 
Old 05-25-2009, 05:20 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
I'd add that if you want to get even more specific, you can use:
Code:
-p icmp --icmp-type 8
ICMP type numbers
 
Old 05-26-2009, 02:08 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
You also might wanna specify that the packet should not be fragmented:
Code:
iptables -A INPUT -p ICMP --icmp-type 8 ! --fragment -s 123.123.123.123 -j ACCEPT
And perhaps you want to be even more specific than that by being stateful:
Code:
iptables -A INPUT -p ICMP --icmp-type 8 ! --fragment -s 123.123.123.123 \
-m state --state NEW -j ACCEPT
If you've got more than one network interface, you could specify which one this should apply to:
Code:
iptables -A INPUT -p ICMP -i eth0 --icmp-type 8 ! --fragment -s 123.123.123.123 \
-m state --state NEW -j ACCEPT
You're gonna need to deal with the echo reply packets too. If your OUTPUT chain is sending all packets in state ESTABLISHED to ACCEPT (or has an ACCEPT policy), then you're good to go. Otherwise, you could use either of these approaches:
Code:
iptables -A OUTPUT -p ICMP -o eth0 --icmp-type 0 -d 123.123.123.123 \
-m state --state ESTABLISHED -j ACCEPT
Code:
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
Generally speaking, the more specific you can be, the better.
Last edited by win32sux; 05-26-2009 at 02:11 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to create an icmp request call in the kernel? joblack Linux - Networking 6 07-25-2008 05:37 AM
issues reg ICMP timestamp and address mask request bzlaskar Linux - Networking 0 09-12-2007 12:13 AM
what is a ICMP echo request? tjyorkshire Linux - Networking 4 07-03-2007 11:12 AM
how to drop incomming icmp request sunlinux Linux - Networking 5 12-01-2006 06:26 AM
ICMP traffic archives/writing ICMP traffic in a file maia_1 Programming 0 07-20-2004 03:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:23 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration