04-13-2010 04:37 PM
Welcome to LQ! :)
Originally Posted by reaven
Hi, I want to block incoming and outgoing traffic that matches a TTL range of 65-255. Is it possible to do it in one line, since the ttl match only has eq, gt and lt?
This is what I have.
iptables -A INPUT -m ttl --ttl-gt 65 -j DROP
iptables -A INPUT -m ttl --ttl-lt 255 -j DROP
iptables -A OUTPUT -m ttl --ttl-gt 65 -j DROP
iptables -A OUTPUT -m ttl --ttl-lt 255 -j DROP
Since 255 is the max you'd already be achieving your objective on the first line. Well, you'd need to change it to a 64 if you want to include 65, but still, my point is that your second line for each chain is not only unnecessary, but also erroneous (due to the fact that it would filter packets with TTL < 65 too). I believe this should suffice:
iptables -A INPUT -m ttl --ttl-gt 64 -j DROP
iptables -A OUTPUT -m ttl --ttl-gt 64 -j DROP
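To make the reasoning in the answer concrete, here is an added Python model of how a netfilter chain walks `-m ttl` rules (first matching terminating target wins, the chain policy applies otherwise). It is illustration code written for this thread, not something either poster ran, and it never touches iptables: the rule sets are transcribed from the posts above, the packet TTLs are simply 0-255, and the `TTLRANGE` user-defined chain used to express a bounded range is a hypothetical name chosen here. Running it shows that the original pair of rules drops every TTL value (the two comparisons are ORed, not ANDed), that the single `--ttl-gt 64` rule drops exactly 65-255, and, going one step beyond the thread, that a genuinely bounded range such as 65-200 can be expressed by jumping into a user-defined chain so the second comparison only applies to packets that passed the first.

```python
"""Model of first-match rule evaluation for iptables `-m ttl` (added example,
not code from the thread). Rule sets are constructed inline; iptables is not
invoked and no packets are sent."""

from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# The ttl match offers exactly three comparisons: --ttl-eq, --ttl-lt, --ttl-gt.
MATCHERS: Dict[str, Callable[[int, int], bool]] = {
    "eq": lambda ttl, n: ttl == n,
    "lt": lambda ttl, n: ttl < n,
    "gt": lambda ttl, n: ttl > n,
}


@dataclass(frozen=True)
class Rule:
    op: str      # "eq", "lt" or "gt"
    value: int   # the number given to --ttl-<op>
    target: str  # "ACCEPT", "DROP", "RETURN", or the name of a user-defined chain


Chains = Dict[str, List[Rule]]


def walk(chains: Chains, name: str, ttl: int) -> Optional[str]:
    """Verdict of chain `name` for a packet with this TTL, or None when the
    chain is exhausted (or hits RETURN) and control goes back to the caller."""
    for rule in chains[name]:
        if not MATCHERS[rule.op](ttl, rule.value):
            continue
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target
        if rule.target == "RETURN":
            return None
        # Jump into a user-defined chain; a verdict there ends processing.
        verdict_from_jump = walk(chains, rule.target, ttl)
        if verdict_from_jump is not None:
            return verdict_from_jump
    return None


def verdict(chains: Chains, ttl: int, policy: str = "ACCEPT") -> str:
    """Final verdict for a packet entering the built-in INPUT chain."""
    return walk(chains, "INPUT", ttl) or policy


def dropped_ttls(chains: Chains) -> List[int]:
    """Every TTL value in 0-255 that the rule set drops."""
    return [ttl for ttl in range(256) if verdict(chains, ttl) == "DROP"]


# reaven's original INPUT rules, transcribed from the question.
ORIGINAL: Chains = {"INPUT": [Rule("gt", 65, "DROP"), Rule("lt", 255, "DROP")]}

# The single rule proposed in the answer.
CORRECTED: Chains = {"INPUT": [Rule("gt", 64, "DROP")]}


def bounded_range(lo: int, hi: int) -> Chains:
    """Drop TTLs in [lo, hi] inclusive. Because a second `-m ttl` rule in the
    same chain would be ORed with the first, the second comparison lives in a
    user-defined chain (hypothetical name TTLRANGE) reached only by packets
    that already passed the first one, which ANDs the two tests."""
    return {
        "INPUT": [Rule("gt", lo - 1, "TTLRANGE")],
        "TTLRANGE": [Rule("lt", hi + 1, "DROP")],
    }


if __name__ == "__main__":
    print("original rules drop", len(dropped_ttls(ORIGINAL)), "of 256 TTL values")
    fixed = dropped_ttls(CORRECTED)
    print("corrected rule drops TTL", fixed[0], "through", fixed[-1])
    ranged = dropped_ttls(bounded_range(65, 200))
    print("bounded chain drops TTL", ranged[0], "through", ranged[-1])
```

The equivalent iptables lines for the bounded case would be `iptables -N TTLRANGE`, `iptables -A INPUT -m ttl --ttl-gt 64 -j TTLRANGE` and `iptables -A TTLRANGE -m ttl --ttl-lt 201 -j DROP`; packets with TTL above 200 fall off the end of TTLRANGE and return to INPUT unharmed.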