LinuxQuestions.org

Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
Iptables TTL matches (http://www.linuxquestions.org/questions/linux-security-4/iptables-ttl-matchs-801822/)

reaven 04-13-2010 02:56 PM

Iptables TTL matches
 
Hi, I want to block incoming and outgoing traffic that matches a TTL range of 65-255. Is it possible to do it in one line, since the ttl match only has eq, gt and lt?

This is what I have.

Code:

iptables -A INPUT -m ttl --ttl-gt 65 -j DROP
iptables -A INPUT -m ttl --ttl-lt 255 -j DROP
iptables -A OUTPUT -m ttl --ttl-gt 65 -j DROP
iptables -A OUTPUT -m ttl --ttl-lt 255 -j DROP


win32sux 04-13-2010 03:37 PM

Welcome to LQ! :)
Quote:

Originally Posted by reaven (Post 3934430)
Hi, I want to block incoming and outgoing traffic that matches a TTL range of 65-255. Is it possible to do it in one line, since the ttl match only has eq, gt and lt?

This is what I have.

Code:

iptables -A INPUT -m ttl --ttl-gt 65 -j DROP
iptables -A INPUT -m ttl --ttl-lt 255 -j DROP
iptables -A OUTPUT -m ttl --ttl-gt 65 -j DROP
iptables -A OUTPUT -m ttl --ttl-lt 255 -j DROP


Since 255 is the max, you'd already be achieving your objective on the first line. Well, you'd need to change it to a 64 if you want to include 65, but still, my point is that your second line for each chain is not only unnecessary, but also erroneous (due to the fact that it would filter packets with TTL < 65 too). I believe this should suffice:
Code:

iptables -A INPUT -m ttl --ttl-gt 64 -j DROP
iptables -A OUTPUT -m ttl --ttl-gt 64 -j DROP

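A small shell model of the rule sets discussed above, added here as an example and not part of either post: it reimplements the ttl match's eq/gt/lt comparisons and first-match chain evaluation for every TTL value 1 to 255, so the coverage of the question's two-rule version, of its first line alone, and of the single --ttl-gt 64 rule can be compared without touching a real firewall.

```shell
#!/bin/sh
# Added example, not from the thread: a model of iptables' first-match chain
# semantics for the "ttl" match (--ttl-eq/--ttl-gt/--ttl-lt), run against
# every TTL value 1..255. It shows why the two-rule version in the question
# drops every packet while the single --ttl-gt 64 rule covers exactly 65-255.
# Nothing here touches the real firewall, so it needs no root.

# ttl_match OP VALUE TTL -> exit 0 if "-m ttl --ttl-OP VALUE" would match.
ttl_match() {
    case "$1" in
        eq) [ "$3" -eq "$2" ] ;;
        gt) [ "$3" -gt "$2" ] ;;
        lt) [ "$3" -lt "$2" ] ;;
        *)  return 1 ;;
    esac
}

# chain_verdict "op value;op value;..." TTL -> DROP if any rule in the chain
# matches (every rule here is -j DROP, so the first match decides), else ACCEPT.
chain_verdict() {
    t=$2
    old_ifs=$IFS; IFS=';'; set -- $1; IFS=$old_ifs
    for rule in "$@"; do
        if ttl_match "${rule%% *}" "${rule#* }" "$t"; then
            echo DROP; return 0
        fi
    done
    echo ACCEPT
}

# dropped_ttls RULES -> "count min max" of the TTL values 1..255 that get DROP.
dropped_ttls() {
    count=0; min=; max=; ttl=1
    while [ "$ttl" -le 255 ]; do
        if [ "$(chain_verdict "$1" "$ttl")" = DROP ]; then
            count=$((count + 1)); max=$ttl
            : "${min:=$ttl}"   # remember the first dropped TTL
        fi
        ttl=$((ttl + 1))
    done
    echo "$count ${min:-none} ${max:-none}"
}

echo "question's rules (gt 65 + lt 255): $(dropped_ttls 'gt 65;lt 255')"  # 255 1 255
echo "first rule alone (gt 65):          $(dropped_ttls 'gt 65')"         # 190 66 255
echo "accepted answer (gt 64):           $(dropped_ttls 'gt 64')"         # 191 65 255
```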

reaven 04-13-2010 03:58 PM

Thanks a lot, and glad to be here!

