LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-10-2014, 02:37 AM   #1
thirstonlinux
Member
 
Registered: Jul 2011
Posts: 62

Rep: Reputation: Disabled
Iptables


Is there a difference between the following firewall rules. If so please explain me, I could not make out the difference.

iptables -t filter -A INPUT -s <IP> --icmp-type echo-request -j DROP

iptables -t filter -A INPUT -s <IP> -icmp-type echo-request -j DROP

iptables -t filter -A INPUT -s <IP> -p tcp -icmp-type echo-request -j DROP

iptables -t filter -A INPUT -s <IP> -p icmp -icmp-type echo-request -j DROP

iptables -t filter -A INPUT -s <IP> -p icmp --icmp-type echo-request -j DROP
 
Old 07-10-2014, 07:48 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,448

Rep: Reputation: Disabled
Quote:
Originally Posted by thirstonlinux View Post
Is there a difference between the following firewall rules. If so please explain me, I could not make out the difference.

iptables -t filter -A INPUT -s <IP> --icmp-type echo-request -j DROP
The syntax of this rule is invalid, as the --icmp-type subparameter can only be used when the ICMP protocol is explicitly specified.
Quote:
Originally Posted by thirstonlinux View Post
iptables -t filter -A INPUT -s <IP> -icmp-type echo-request -j DROP
The syntax of this rule is also invalid, as there's no such thing as an "-icmp-type" parameter.
Quote:
Originally Posted by thirstonlinux View Post
iptables -t filter -A INPUT -s <IP> -p tcp -icmp-type echo-request -j DROP
Same as above. Also, the TCP protocol (-p tcp) does not carry ICMP packets, so the --icmp-type subparameter wouldn't be valid either.
Quote:
Originally Posted by thirstonlinux View Post
iptables -t filter -A INPUT -s <IP> -p icmp -icmp-type echo-request -j DROP
Here you have specified the ICMP protocol, but the syntax of the subparameter is still wrong.
Quote:
Originally Posted by thirstonlinux View Post
iptables -t filter -A INPUT -s <IP> -p icmp --icmp-type echo-request -j DROP
This is the only rule with a valid syntax. It will drop ICMP Echo Request packets ("pings") from the host <IP> to any IP address assigned to the local host.
 
  


Reply

Tags
icmp, iptables, tcp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables error in android: iptables-save and iptables-restore not working preetb123 Linux - Mobile 5 04-11-2011 01:56 PM
On what basis CHAIN integer values are generated in IPtables under iptables file? haariseshu Linux - Server 3 11-05-2009 04:25 AM
iptables v1.2.9: Unknown arg `/sbin/iptables' Try `iptables -h' or 'iptables --help' Niceman2005 Linux - Security 4 12-29-2005 08:20 PM
Iptables - Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so: z00t Linux - Security 3 01-26-2004 02:24 AM
IPtables Log Analyzer from http://www.gege.org/iptables/ brainlego Linux - Software 0 08-11-2003 06:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration