how can i block traceroute or tracert with iptables?

mizogomo · 05-19-2013, 04:51 AM

hi friends

sorry english me is bad

how can i block traceroute or tracert with iptables?

thanks plz help me

Ygrex · 05-19-2013, 12:30 PM

what do you mean by blocking?
1. to restrict running these tools locally?
2. to avoid sending replies to other hosts if initiated by these tools?
3. prevent your clients to use these tools for investigating any other hosts?

also it can be helpful to know why do you need to do this

mizogomo · 05-19-2013, 02:03 PM

hello

plz explain All items .

i need all

thanks

Ygrex · 05-19-2013, 11:44 PM

really? add this rule to iptables:

Code:

-p icmp -m icmp --icmp-type time-exceeded -j DROP

1. filter/INPUT
2. filter/OUTPUT
3. filter/FORWARD

mizogomo · 05-21-2013, 01:46 AM

Quote:

Originally Posted by Ygrex

really? add this rule to iptables:

Code:

-p icmp -m icmp --icmp-type time-exceeded -j DROP

1. filter/INPUT
2. filter/OUTPUT
3. filter/FORWARD

hi friend

plz say full rul

can not work this rul

thanks

Ygrex · 05-21-2013, 02:25 AM

ok, say the full error message you get

mizogomo · 05-21-2013, 02:06 PM

Quote:

Originally Posted by Ygrex

ok, say the full error message you get

hi ygrex

thanks for help to me. you are good my friend

sorry english me is bad

the message has :

root@bt:~# -p icmp -m icmp --icmp-type time-exceeded -j DROP
-p: command not found
root@bt:~#

ygrex do you have email address? I think you can learn a lot linux and iptables.

thanks master

chrism01 · 05-21-2013, 08:13 PM

Have a look at these
http://wiki.centos.org/HowTos/Network/IPTables
http://www.cyberciti.biz/faq/rhel-fe...tion-tutorial/