LinuxQuestions.org - icmp_echo_ignore

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - icmp_echo_ignore_all override for 1 IP (https://www.linuxquestions.org/questions/linux-networking-3/icmp_echo_ignore_all-override-for-1-ip-48549/)

Kostko

03-06-2003 07:29 AM

icmp_echo_ignore_all override for 1 IP

I have using icmp_echo_ignore_all set to 1 and i would like to override it for a single IP address that should be allowed to get back ICMP echos. Is it possible to do it with iptables ?

Kostko

03-06-2003 08:27 AM

Re: icmp_echo_ignore_all override for 1 IP

ok, i have done it :) first i have to set icmp_echo_ignore_all to 0. then i have added this to my firewall script:

Code:

$IPTABLES -N ICMP_STUFF

$IPTABLES -A INPUT -i $EXTIF -p icmp -j ICMP_STUFF

$IPTABLES -A ICMP_STUFF -p icmp --icmp-type echo-request -s XXX.XXX.XXX.XXX -j ACCEPT

$IPTABLES -A ICMP_STUFF -p icmp --icmp-type echo-request -j DROP

where XXX.XXX.XXX.XXX is the IP address that can send icmp echo requests :)

All times are GMT -5. The time now is 10:01 AM.