Copy/Paste from the web site:
# --- I allow ICMP traffic from local intranet, block it from Internet.
# --- That way my server is all but invisible online (it responds only on a non standard SSH port).
iptables -I INPUT 7 -d 208.180.X.X -p icmp --icmp-type 8 -j DROP
iptables -I INPUT 8 -d 208.180.X.X -p icmp --icmp-type 0 -j DROP
iptables -I INPUT 9 -d 208.180.X.X -p icmp --icmp-type 11 -j DROP
# --- This inserts it after the standard loopback, established, LAN whitelist, VOIP provider whitelist, and SSH port ACCEPTs. I allow the traffic I want, and then do my best to keep the server invisible to the rest of the world.
Bookmarks