Iptables Outbound ICMP

In this sample iptables_out_icmp_programs.cfg, we filter outbound ICMP message traffic.

///////////////////////////////////////////////////////////////////////////////
//
// iptables_out_icmp_programs.cfg
//
///////////////////////////////////////////////////////////////////////////////

        // OUT_ICMP - filter outbound icmp messages

        =iptables -N OUT_ICMP
        for dip in $PING; do
            =iptables -A OUT_ICMP -p icmp --icmp-type echo-request -d $dip -j ACCEPT
            =iptables -A OUT_ICMP -p icmp --icmp-type echo-reply -d $dip -j ACCEPT
        done
        =iptables -A OUT_ICMP -p icmp --icmp-type destination-unreachable -j ACCEPT
        =iptables -A OUT_ICMP -p icmp --icmp-type source-quench -j ACCEPT
        =iptables -A OUT_ICMP -p icmp --icmp-type parameter-problem -j ACCEPT
        =iptables -A OUT_ICMP -j LOG --log-prefix "IPT OUT ICMP: " =logopt
        =iptables -A OUT_ICMP -j DROP

///////////////////////////////////////////////////////////////////////////////

This iptables_out_icmp_programs.cfg file is #included by the higher-level iptables_programs.cfg file.  In that file, we might have code invoking the OUT_ICMP chain as follows:

        =iptables -A OUT_NETWORK -p icmp -j OUT_ICMP

For more examples, see Samples.

Home | FAQ | News | Intro | Samples | Tutorial | Reference | Software
Developer's Notes | Licensing | Authors | Pikt-Users | Pikt-Workers | Related Projects | Site Index | Privacy Policy | Contact Us
Page best viewed at 1024x768 or greater.   Page last updated 2017-01-11.   This site is PIKT® powered.
Copyright © 1998-2017 Robert Osterlund. All rights reserved.
Home FAQ News Intro Samples Tutorial Reference Software
PIKT Logo
PIKT Page Title
View sample
iptables firewall
script config file