My Server
OS: Ubuntu 12.04
IP: 192.168.56.100
My Client
OS: Ubuntu 13.04
IP: 192.168.56.101
Task
Block ping requests from the client to the server, so that when the client pings the server, the client does not get any reply.
Solution
Add the rule below to iptables on the server:
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -s 192.168.56.101 -j DROP
You have to specify the icmp-type as echo-request; otherwise the outgoing ping from the server to the client will also be blocked, because when you ping the client from the server the following happens:
- An ICMP echo-request is sent to the client
- An ICMP echo-reply is sent back from the client to the server (this gets dropped if no icmp-type is specified)
Save rules in iptables permanently
If you just run iptables-save, the rules are saved for the current session but will be gone once you reboot your machine. To save them permanently:
- Open '/etc/network/interfaces' file
vim /etc/network/interfaces
- Append the below line along with your eth0 directives:
post-up /sbin/iptables-restore < /etc/iptables-up.rules
- Now save the current iptables rules to '/etc/iptables-up.rules'
iptables-save > /etc/iptables-up.rules
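Added example (not part of the original post): a shell check over an iptables-save dump that flags INPUT rules dropping ICMP without an --icmp-type, the mistake described above that also breaks the server's own outgoing ping. The sample dump is constructed, and the function names are hypothetical; it assumes iptables-save writes echo-request as "--icmp-type 8".

```shell
#!/bin/sh
# Constructed sample dump in iptables-save format (not captured from a real host).
# The first rule is the one from this post; the second omits --icmp-type.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.56.101/32 -i eth0 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -s 192.168.56.101/32 -i eth0 -p icmp -j DROP
COMMIT
EOF
}

# Reads a dump on stdin and prints one line per INPUT rule that drops ICMP:
#   OK    limited to echo-request (type 8): only incoming pings are dropped
#   BROAD no --icmp-type: echo-replies to the server's own pings are dropped too
#   OTHER negated or different ICMP type: review by hand
classify_icmp_drops() {
    while IFS= read -r line; do
        # Keep only "-A INPUT ... -p icmp ... -j DROP" lines.
        case "$line " in
            "-A INPUT "*"-p icmp "*"-j DROP "*) ;;
            *) continue ;;
        esac
        case "$line " in
            *"! --icmp-type "*) echo "OTHER $line" ;;
            *"--icmp-type 8 "*|*"--icmp-type echo-request "*) echo "OK    $line" ;;
            *"--icmp-type "*) echo "OTHER $line" ;;
            *) echo "BROAD $line" ;;
        esac
    done
}

# Prints the number of BROAD rules found in the dump on stdin.
count_broad() {
    # grep -c exits non-zero when the count is 0, so ignore its status.
    classify_icmp_drops | grep -c '^BROAD' || true
}

# Stand-alone run over the constructed sample.
sample_rules | classify_icmp_drops
```

To check the file written in the last step, run: count_broad < /etc/iptables-up.rules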
About the flags used in the rule
-A: Append to the existing rules
-i: In interface name
-o: Out interface name
-p: Protocol
-s: Source IP address
-d: Destination IP address
-j: Jump target -> What to do when a packet that satisfies this rule arrives (e.g. ACCEPT, DROP, QUEUE, RETURN or the name of a user-specified chain)
Built-in chain names:
FORWARD: For packets routed through the box
INPUT: For packets coming into the box
OUTPUT: For altering the locally generated packets before routing