September 2005
Intermediate to advanced
552 pages
13h 30m
English
Content preview from Linux Firewalls, Third Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Filtering ICMP Control and Status Messages
ICMP control messages are generated in response to a number of error conditions, and they are produced by network analysis programs such as ping and traceroute.
ICMP MESSAGE TYPES AND IPTABLESiptables supports the use of either the ICMP numeric message type or the alphabetic symbolic name. iptables also supports use of the message subtypes, or codes. This is especially useful for finer filtering control over type 3 Destination Unreachable messages. For example, you could specifically disallow outgoing Port Unreachable messages to disable an incoming traceroute, or you could specifically allow only outgoing Fragmentation Needed messages. To see a list of all supported ICMP symbolic names in iptables, ... |