10-13-2004, 04:02 PM
|
#1
|
|
Member
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239
Rep:
|
Drop pings from specific IP address -- another question at Bottom
I need to drop pings from a specific IP address because some of my friends use our school LTSP server via VNC as a proxy when scanning me.
I would usually use
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
which works great if I wanted to drop all ICMP ping requests from everyone,
but I need just to drop pings from my school. Thanks!
I need a rule I can use with iptables.
I'm running IPCop 1.3.0.
Last edited by GUIPenguin; 10-13-2004 at 09:15 PM.
|
|
|
|
10-13-2004, 04:42 PM
|
#2
|
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,756
|
I believe something like this might work:
iptables -A INPUT -i eth0 -p ICMP -s 1.2.3.4 -j DROP
Just replace 1.2.3.4 with your school's IP and eth0 with the interface you want to watch
|
|
|
|
10-13-2004, 05:10 PM
|
#3
|
|
Member
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239
Original Poster
Rep:
|
Any more suggestions??
I added that rule, then connected to our LTSP server and could still ping my IP.
Any more suggestions?? Thanks!
Last edited by GUIPenguin; 10-13-2004 at 05:14 PM.
|
|
|
|
10-13-2004, 05:49 PM
|
#4
|
|
Guru
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796
Rep:
|
Make sure there aren't any rules before that one which allow the ping to go through.
|
|
|
|
10-13-2004, 06:26 PM
|
#5
|
|
Member
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239
Original Poster
Rep:
|
When I do iptables -L it's a little confusing about the groups they're in and the orders. I don't really know that much about it to switch orders or delete something.
|
|
|
|
10-13-2004, 06:46 PM
|
#6
|
|
Guru
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796
Rep:
|
Ok, in that case try using -I instead of -A, so the rule gets inserted at the top of the chain instead of appended to the bottom. In fact, while you're at it you might want to block ping specifically instead of all ICMP, and maybe do some logging.
Code:
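# -I inserts at the top of the chain, so add the DROP first and the LOG second;
# the LOG rule then ends up above the DROP and is evaluated before it.
iptables -I INPUT -p icmp --icmp-type echo-request -s 1.2.3.4 -j DROP
iptables -I INPUT -m limit -p icmp --icmp-type echo-request -s 1.2.3.4 -j LOG --log-prefix="evil ping..."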
Last edited by Demonbane; 10-13-2004 at 06:52 PM.
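Added example (not part of any post in this thread): a shell check for the problem discussed in posts #3 to #6, where an appended DROP rule sits behind an earlier ACCEPT. It reads a rule dump in `iptables -S` / `iptables-save` form and reports the first rule that decides an echo-request from a given source. The helper name `first_verdict` is hypothetical, the sample dumps are constructed, and a flat INPUT chain is assumed.

```shell
#!/bin/sh
# Added example. first_verdict is a hypothetical helper, not an iptables command.
# Reads `iptables -S INPUT` / iptables-save style lines on stdin and prints
# "<rule number> <target>" for the first rule that decides an ICMP
# echo-request from the source address given as $1, or "policy" if none does.
# Simplifications: flat chain only (no jumps into user chains); rules using
# match options other than -s, -p and --icmp-type are skipped.
first_verdict() {
    awk -v src="$1" '
    $1 != "-A" { next }
    {
        n++
        proto = "all"; from = ""; type = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-s")          from = $(++i)
            else if ($i == "-p")          proto = tolower($(++i))
            else if ($i == "--icmp-type") type = $(++i)
            else if ($i == "-m" && $(i + 1) == "icmp") i++
            else if ($i == "-j")          { target = $(++i); break }
            else                          other = 1
        }
        sub(/\/32$/, "", from)
        if (other) next
        if (from != "" && from != src) next
        if (proto != "all" && proto != "icmp") next
        if (type != "" && type != "8" && type != "echo-request") next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print n, target; found = 1; exit
        }
    }
    END { if (!found) print "policy" }'
}

# Constructed dump: the DROP was appended (-A), so it sits behind an ACCEPT.
APPENDED='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 1.2.3.4/32 -i eth0 -p icmp -j DROP'

# Constructed dump: the same chain after adding the DROP with -I instead.
INSERTED='-P INPUT DROP
-A INPUT -s 1.2.3.4/32 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT'

printf '%s\n' "$APPENDED" | first_verdict 1.2.3.4   # 2 ACCEPT
printf '%s\n' "$INSERTED" | first_verdict 1.2.3.4   # 1 DROP
```

On a live system the same check can be fed from `iptables -S INPUT`; a result other than the DROP rule means an earlier rule is deciding the packet first.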
|
|
|
|
10-13-2004, 06:52 PM
|
#7
|
|
Member
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239
Original Poster
Rep:
|
Thanks
Last edited by GUIPenguin; 10-13-2004 at 09:08 PM.
|
|
|
|
10-13-2004, 09:13 PM
|
#8
|
|
Member
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239
Original Poster
Rep:
|
Very sorry about the double post here!
Ok, now it comes to saving my rules. I read that the rules are set to memory and after a reboot they are flushed, and that's what happened.
I googled for saving iptables rules and found this.
But it says no such service. This is for Red Hat but thought it may be close enough.
If anyone knows how to save iptables rules for IPCop 1.3.0 I would love your help!
|
|
|
|
10-13-2004, 09:30 PM
|
#9
|
|
Guru
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796
Rep:
|
try putting the commands in /etc/rc.d/rc.local
|
|
|
|
10-13-2004, 09:44 PM
|
#10
|
|
Member
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239
Original Poster
Rep:
|
Nope.......
No rc.local in that dir.
rc.firewall? Yet I don't see anywhere to put it in there either.
|
|
|
|
10-13-2004, 10:18 PM
|
#11
|
|
Guru
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796
Rep:
|
put it in rc.firewall then, right after
/sbin/iptables -P OUTPUT ACCEPT
|
|
|
|
All times are GMT -5. The time now is 01:39 AM.