LinuxQuestions.org
Old 08-15-2013, 11:01 PM   #1
cbider
LQ Newbie
 
Registered: May 2010
Posts: 21

Rep: Reputation: 2
can't save iptables rule


Attempted to drop incoming pings using "/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j DROP" as root and then saved the rule with "/sbin/service iptables save". I then pinged the host using "ping 192.168.1.8" and got the following result: "---192.168.1.8 ping statistics--- 15 packets transmitted, 15 received, 0% packet loss, time 14221ms, rtt min/avg/max/mdev = 0.385/0.550/0.734/0.105 ms". The rule shows as being saved in /etc/sysconfig/iptables. Why then is the host returning pings instead of dropping them? I'm using the bash shell on SL 6.4. I got the rule from an O'Reilly book entitled Linux Security Cookbook. Is there another way to make this happen? Thanks in advance!
 
Old 08-16-2013, 12:44 AM   #2
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 665

Rep: Reputation: Disabled
Please consider putting the commands and codes under [ code ] [ /code ] so it would be easy to read.

Well, the rule you had should have worked, can't say why it wouldn't:

TRY putting this rule:

Code:
iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP
If still not working, try below; I found it on some random website:

Code:
iptables -A OUTPUT -p icmp -o eth0 -j ACCEPT          
iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i eth0 -j ACCEPT     
iptables -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i eth0 -j ACCEPT  
iptables -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i eth0 -j ACCEPT       
iptables -A INPUT -p icmp -i eth0 -j DROP

Last edited by SAbhi; 08-16-2013 at 12:47 AM.
 
Old 08-16-2013, 02:32 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603
Quote:
Originally Posted by cbider
The rule shows as being saved in /etc/sysconfig/iptables. Why then is the host returning pings instead of dropping them.
You checked your rule was saved, that's good, but have you checked rule order? Might be you have preceding rules that already allow ICMP out?
 
Old 08-16-2013, 04:14 AM   #4
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 665

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn
You checked your rule was saved, that's good, but have you checked rule order? Might be you have preceding rules that already allow ICMP out?
Correct

@cbider: can you share output from:
Code:
/sbin/iptables -L -v -n | more

OR 

/sbin/iptables -t nat -L -v -n | more
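
The rule-order check raised in posts #3 and #4, as an added example that is not part of the original thread: a shell function that reads `iptables-save` output and reports which INPUT rule is the first to decide an inbound echo-request. The function name `first_echo_verdict` and the sample ruleset are constructed for illustration (not cbider's actual rules), and the matcher is deliberately simplified as noted in the comments.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (assumption, not from the thread):
# a DROP added with -A lands at the END of the chain, after an earlier rule
# that already accepts all ICMP.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
COMMIT'

# first_echo_verdict (hypothetical helper): read iptables-save text on stdin
# and print "<rule position> <target>" for the first filter/INPUT rule that
# would decide a new inbound echo-request, or "policy <target>" if none does.
# Simplification: only -p, --icmp-type, -m and -j are understood; a rule with
# any other match option (-i, --state, --dport, ...) is treated as not matching.
first_echo_verdict() {
    awk '
    /^\*/ { table = substr($1, 2) }
    table == "filter" && $1 == ":INPUT" { policy = $2 }
    table == "filter" && $1 == "-A" && $2 == "INPUT" {
        pos++
        proto = type = target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-p") proto = $(++i)
            else if ($i == "--icmp-type") type = $(++i)
            else if ($i == "-m") i++          # skip module name, e.g. "-m icmp"
            else extra = 1
        }
        if (extra || (proto != "" && proto != "icmp")) next
        if (type != "" && type != "8" && type != "echo-request") next
        # Only terminating targets settle the packet; LOG etc. fall through.
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print pos, target; found = 1; exit }
    }
    END { if (!found) print "policy", policy }'
}

# Rule 2 (accept all ICMP) wins; the appended DROP at position 6 is never reached.
printf '%s\n' "$SAMPLE_RULES" | first_echo_verdict
```

On a live host the same check is `iptables-save | first_echo_verdict` as root. When an earlier ACCEPT wins, the DROP has to sit above it, for example by inserting with `-I INPUT 1` instead of appending with `-A`.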
 
Old 08-16-2013, 11:46 PM   #5
cbider
LQ Newbie
 
Registered: May 2010
Posts: 21

Original Poster
Rep: Reputation: 2
solved

Solved problem by using /etc/init.d/iptables restart, THEN pinged target from vm residing on it and also remote host and got nothing. After hitting ctrl-alt-c I got ping stats "57 packets transmitted, 0 received, 100% packet loss, time 56567ms". BINGO!!! Thanks to all who responded.
 
  

