Iptables Outbound ICMP

In this sample iptables_out_icmp_programs.cfg, we filter outbound ICMP message traffic. 

///////////////////////////////////////////////////////////////////////////////
//
// iptables_out_icmp_programs.cfg
//
///////////////////////////////////////////////////////////////////////////////

        // OUT_ICMP - filter outbound icmp messages

        =iptables -N OUT_ICMP
        for dip in $PING; do
            =iptables -A OUT_ICMP -p icmp --icmp-type echo-request -d $dip -j ACCEPT
            =iptables -A OUT_ICMP -p icmp --icmp-type echo-reply -d $dip -j ACCEPT
        done
        =iptables -A OUT_ICMP -p icmp --icmp-type destination-unreachable -j ACCEPT
        =iptables -A OUT_ICMP -p icmp --icmp-type source-quench -j ACCEPT
        =iptables -A OUT_ICMP -p icmp --icmp-type parameter-problem -j ACCEPT
        =iptables -A OUT_ICMP -j LOG --log-prefix "IPT OUT ICMP: " =logopt
        =iptables -A OUT_ICMP -j DROP

///////////////////////////////////////////////////////////////////////////////

This iptables_out_icmp_programs.cfg file is #included by the higher-level iptables_programs.cfg file.  In that file, we might have code invoking the OUT_ICMP chain as follows: 

        =iptables -A OUT_NETWORK -p icmp -j OUT_ICMP

Open Hand For more examples, see Samples.

Home | FAQ | News | Intro | Samples | Tutorial | Reference | Software
Developer's Notes | Licensing | Authors | Pikt-Users | Pikt-Workers | Related Projects | Site Index | Privacy Policy | Contact Us
Page best viewed at 1024x768 or greater.   Page last updated 2008-03-27.   This site is PIKT® powered.
PIKT® is a registered trademark of the University of Chicago.   Copyright © 1998-2008 Robert Osterlund. All rights reserved.
Home FAQ News Intro Samples Tutorial Reference Software
PIKT Logo
PIKT Page Title
View sample
reset iptables
script config file