08-15-2013, 11:01 PM | #1 | LQ Newbie | Registered: May 2010 | Posts: 21
can't save iptables rule
Attempted to drop incoming pings using "/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j DROP" as root and then saved the rule with "/sbin/service iptables save". I then pinged the host using "ping 192.168.1.8" and got the following result: "--- 192.168.1.8 ping statistics --- 15 packets transmitted, 15 received, 0% packet loss, time 14221ms, rtt mim/avg/max/mdev = 0.385/0.550/0.734/0.105 ms". The rule shows as being saved in /etc/sysconfig/iptables. Why then is the host returning pings instead of dropping them? I'm using the bash shell on SL 6.4. I got the rule from an O'Reilly book entitled Linux Security Cookbook. Is there another way to make this happen? Thanks in advance!
08-16-2013, 12:44 AM | #2 | Member | Registered: Aug 2009 | Location: Bangaluru, India | Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16 | Posts: 665
Please consider putting the commands and codes under [ code ] [ /code ] so it would be easy to read.
Well, the rule you had should have worked; can't say why it wouldn't.
TRY putting this rule:
Code:
iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP
If it's still not working, try the rules below; I found them on some random website:
Code:
iptables -A OUTPUT -p icmp -o eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp -i eth0 -j DROP
Last edited by SAbhi; 08-16-2013 at 12:47 AM.
08-16-2013, 02:32 AM | #3 | Moderator | Registered: May 2001 | Posts: 29,415
Quote: Originally Posted by cbider
The rule shows as being saved in /etc/sysconfig/iptables. Why then is the host returning pings instead of dropping them?
You checked your rule was saved, that's good, but have you checked rule order? Might be you have preceding rules that already allow ICMP out?
08-16-2013, 04:14 AM | #4 | Member | Registered: Aug 2009 | Location: Bangaluru, India | Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16 | Posts: 665
Quote: Originally Posted by unSpawn
You checked your rule was saved, that's good, but have you checked rule order? Might be you have preceding rules that already allow ICMP out?
Correct.
@cbider: can you share the output from:
Code:
/sbin/iptables -L -v -n | more
OR
/sbin/iptables -t nat -L -v -n | more
08-16-2013, 11:46 PM | #5 | LQ Newbie | Registered: May 2010 | Posts: 21 | Original Poster
solved
Solved the problem by using /etc/init.d/iptables restart, THEN pinged the target from a VM residing on it and also from a remote host and got nothing. After hitting ctrl-alt-c I got the ping stats "57 packets transmitted, 0 received, 100% packet loss, time 56567ms". BINGO!!! Thanks to all who responded.