Help with fine-tuning Firestarter

LuggerHouse · 12-09-2010, 11:13 AM

Hello Group,

I need to allow ICMP ping for one host only... I found out how to enable it to all hosts (ICMP Filtering, check ping) but I would like to reduce the scope to one host...

I know I can add rules in the user_post script but I can't find the correct iptables command ...

thanks!

win32sux · 12-09-2010, 11:27 AM

To allow the Firestarter host to ping one host (example):

Code:

iptables -A OUTPUT -p ICMP --icmp-type 8 -d 192.168.45.217 -j ACCEPT

To allow the Firestarter host to pinged by one host (example):

Code:

iptables -A INPUT -p ICMP --icmp-type 8 -s 192.168.45.217 -j ACCEPT

LuggerHouse · 12-09-2010, 12:53 PM

Quote:

Originally Posted by win32sux

To allow the Firestarter host to pinged by one host (example):

Code:

iptables -A INPUT -p ICMP --icmp-type 8 -s 192.168.45.217 -j ACCEPT

Hello, tried that already and it won't work... It look like firestarter has some special filtering rules for ICPM...

LuggerHouse · 12-09-2010, 01:10 PM

Got it!!

I added

$IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -s 192.168.20.1 -j ACCEPT
$IPT -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -s 192.168.20.1 -j ACCEPT

in the /etc/firestarter/user_pre...

I was always using user_post file...

Well It works now

P.S. 192.168.20.1 is not the Ip I used ;-)

win32sux · 12-09-2010, 05:49 PM

Actually, the user-post file would work fine (just use -I instead of -A in your rules).