Filtering ICMP Control and Status Messages
ICMP control messages are generated in response to a number of error conditions, and they are produced by network analysis programs such as ping and traceroute.
ICMP MESSAGE TYPES AND IPTABLESiptables supports the use of either the ICMP numeric message type or the alphabetic symbolic name. iptables also supports use of the message subtypes, or codes. This is especially useful for finer filtering control over type 3 Destination Unreachable messages. For example, you could specifically disallow outgoing Port Unreachable messages to disable an incoming traceroute, or you could specifically allow only outgoing Fragmentation Needed messages. To see a list of all supported ICMP symbolic names in iptables, ... |
Get Linux Firewalls, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
