Iptables Inbound ICMP

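In this sample iptables_in_icmp_programs.cfg, we filter inbound ICMP message traffic. Echo requests and echo replies are accepted only from the source addresses listed in $PING; destination-unreachable, source-quench, time-exceeded and parameter-problem messages are accepted from any source; every other ICMP message is logged and then dropped.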

///////////////////////////////////////////////////////////////////////////////
//
// iptables_in_icmp_programs.cfg
//
///////////////////////////////////////////////////////////////////////////////

        // IN_ICMP - filter inbound icmp messages
        
        =iptables -N IN_ICMP
        for sip in $PING; do
            =iptables -A IN_ICMP -p icmp --icmp-type echo-request -s $sip -j ACCEPT
            =iptables -A IN_ICMP -p icmp --icmp-type echo-reply   -s $sip -j ACCEPT
        done
        =iptables -A IN_ICMP -p icmp --icmp-type destination-unreachable -j ACCEPT
        =iptables -A IN_ICMP -p icmp --icmp-type source-quench -j ACCEPT
        =iptables -A IN_ICMP -p icmp --icmp-type time-exceeded -j ACCEPT
        =iptables -A IN_ICMP -p icmp --icmp-type parameter-problem -j ACCEPT
        =iptables -A IN_ICMP -j LOG --log-prefix "IPT IN ICMP: " =logopt
        =iptables -A IN_ICMP -j DROP

///////////////////////////////////////////////////////////////////////////////

This iptables_in_icmp_programs.cfg file is #included by the higher-level iptables_programs.cfg file.  In that file, we might have code invoking the IN_ICMP chain as follows:

        =iptables -A IN_NETWORK -p icmp -j IN_ICMP
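
To confirm on a running host that the loaded chain still matches this policy, the following added example (not part of the PIKT sample) audits the output of `iptables -S IN_ICMP`. The rule listings are constructed, 192.0.2.10 stands in for one $PING entry, and the numeric ICMP types (8, 0, 3, 4, 11, 12) assume the usual `iptables -S` rendering of the type names used above.

```shell
# Added example: audit `iptables -S IN_ICMP` output (read from stdin) against
# the policy of the sample chain. Returns the number of findings (0 = match).
flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

audit_in_icmp() {
    findings=0; last=""; prev=""
    while IFS= read -r rule; do
        case $rule in "-A IN_ICMP "*) ;; *) continue ;; esac
        prev=$last; last=$rule
        case $rule in *"-j ACCEPT"*) ;; *) continue ;; esac
        case $rule in
            *"--icmp-type 8 "*|*"--icmp-type 0 "*|*"--icmp-type echo-re"*)
                # Echo request/reply must carry a source match (a $PING entry).
                case $rule in
                    *" -s "*) ;;
                    *) flag "echo rule open to any source: $rule" ;;
                esac ;;
            *"--icmp-type "*) ;;  # other listed types are accepted from any source
            *)  flag "ACCEPT without --icmp-type: $rule" ;;
        esac
    done
    # Unmatched ICMP must be logged and then dropped: LOG, then DROP, at the end.
    case $last in
        "-A IN_ICMP -j DROP") ;;
        *) flag "chain does not end in DROP" ;;
    esac
    case $prev in
        *"-j LOG"*) ;;
        *) flag "no LOG rule directly before the final rule" ;;
    esac
    return "$findings"
}

# Constructed listings; 192.0.2.10 stands in for one $PING entry (assumption).
GOOD_CHAIN='-N IN_ICMP
-A IN_ICMP -s 192.0.2.10/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A IN_ICMP -s 192.0.2.10/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A IN_ICMP -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A IN_ICMP -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A IN_ICMP -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A IN_ICMP -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A IN_ICMP -j LOG --log-prefix "IPT IN ICMP: "
-A IN_ICMP -j DROP'
BAD_CHAIN='-N IN_ICMP
-A IN_ICMP -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A IN_ICMP -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A IN_ICMP -j DROP'
printf '%s\n' "$GOOD_CHAIN" | audit_in_icmp && echo "good chain: ok"
printf '%s\n' "$BAD_CHAIN" | audit_in_icmp || echo "bad chain: $? finding(s)"
```

On a live host, pipe the real listing into the function instead: `iptables -S IN_ICMP | audit_in_icmp`.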

For more examples, see Samples.

Page best viewed at 1024x768 or greater.   Page last updated 2008-09-06.   This site is PIKT® powered.
PIKT® is a registered trademark of the University of Chicago.   Copyright © 1998-2008 Robert Osterlund. All rights reserved.