LinuxQuestions.org


GUIPenguin 10-13-2004 04:02 PM

Drop pings from specific IP address -- another question at Bottom
 
I need to drop pings from a specific IP address because some of my friends use our school LTSP server via VNC as a proxy when scanning me.


I would usually use
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

which works great if I wanted to drop all ICMP ping requests from everyone,
but I need just to drop pings from my school. Thanks!

I need a rule I can use with iptables.
I'm running IPCop 1.3.0.

Hangdog42 10-13-2004 04:42 PM

I believe something like this might work:

iptables -A INPUT -i eth0 -p ICMP -s 1.2.3.4 -j DROP

Just replace 1.2.3.4 with your school's IP and eth0 with the interface you want to watch.

GUIPenguin 10-13-2004 05:10 PM

Any more suggestions??
 
I added that rule, then connected to our LTSP server and could still ping my IP.

Any more suggestions?? Thanks!

Demonbane 10-13-2004 05:49 PM

Make sure there aren't any rules before that one which allow the ping to go through.

GUIPenguin 10-13-2004 06:26 PM

When I do iptables -L it's a little confusing about the groups they're in and the orders. I don't really know that much about it to switch orders or delete something :(

Demonbane 10-13-2004 06:46 PM

OK, in that case try using -I instead of -A, so the rule gets inserted at the top of the chain instead of appended to the bottom. In fact, while you're at it you might want to block ping specifically instead of all ICMP, and maybe do some logging.
Code:

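# Each -I inserts at position 1, so add the DROP rule first and the LOG rule second:
# LOG then sits above DROP and sees the packet before it is dropped.
iptables -I INPUT -p icmp --icmp-type echo-request -s 1.2.3.4 -j DROP

iptables -I INPUT -m limit -p icmp --icmp-type echo-request -s 1.2.3.4 -j LOG --log-prefix="evil ping..."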
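
The rule-order point from the posts above, as an added example that is not part of the thread: a shell function that reads `iptables -S INPUT` style text and reports the first terminating rule an ICMP echo-request from a given source would hit. The rule sets are constructed, and `first_verdict` is a hypothetical helper that evaluates only a few match options.

```shell
#!/bin/sh
# Added example: report which INPUT rule decides an ICMP echo-request.
# Input: `iptables -S INPUT` style text on stdin. Simplified matcher (assumption):
# only -s (single address), -i, -p, --icmp-type and --state are evaluated;
# LOG and jumps to user-defined chains are treated as non-terminating.
first_verdict() {   # usage: first_verdict SRC_IP IN_IFACE < rules
    awk -v src="$1" -v iface="$2" '
    $1 == "-P" { policy = $3; next }
    $1 != "-A" { next }
    {
        n++; s = p = t = j = ifc = st = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") s = $(i + 1)
            else if ($i == "-i") ifc = $(i + 1)
            else if ($i == "-p") p = $(i + 1)
            else if ($i == "--icmp-type") t = $(i + 1)
            else if ($i == "--state") st = $(i + 1)
            else if ($i == "-j") j = $(i + 1)
        }
        sub(/\/32$/, "", s)
        if (s != "" && s != src) next
        if (ifc != "" && ifc != iface) next
        if (p != "" && p != "icmp") next
        if (t != "" && t != "8" && t != "echo-request") next
        if (st != "" && st !~ /NEW/) next          # a fresh ping is state NEW
        if (j == "ACCEPT" || j == "DROP" || j == "REJECT") { print n, j; found = 1; exit }
    }
    END { if (!found) print "policy", policy }'
}

# Constructed rule sets (not taken from a real IPCop box).
# Rule added with -A: it lands below a general ICMP accept.
APPENDED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 1.2.3.4/32 -i eth0 -p icmp -j DROP'
# Rule added with -I: it lands at position 1.
INSERTED='-P INPUT DROP
-A INPUT -s 1.2.3.4/32 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT'

printf '%s\n' "$APPENDED" | first_verdict 1.2.3.4 eth0   # 3 ACCEPT
printf '%s\n' "$INSERTED" | first_verdict 1.2.3.4 eth0   # 1 DROP
```

On a live system the input would come from `iptables -S INPUT`, and `iptables -L INPUT -n -v --line-numbers` shows the same order with packet counters.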


GUIPenguin 10-13-2004 06:52 PM

Thanks

GUIPenguin 10-13-2004 09:13 PM

Very sorry about the double post here!


OK, now it comes to saving my rules. I read that the rules are set to memory and after a reboot they are flushed, and that's what happened.

I googled for saving iptables rules and found this


But it says no such service. This is for Red Hat but thought it may be close enough.

If anyone knows how to save iptables rules for IPCop 1.3.0 I would love your help!

Demonbane 10-13-2004 09:30 PM

Try putting the commands in /etc/rc.d/rc.local

GUIPenguin 10-13-2004 09:44 PM

Nope.......
 
No rc.local in that dir.

rc.firewall? Yet I don't see anywhere to put it in there either :(

Demonbane 10-13-2004 10:18 PM

Put it in rc.firewall then, right after

/sbin/iptables -P OUTPUT ACCEPT


All times are GMT -5.