Re: General MoBlock thread
I have come across a nice idea to block ICMP from the internet but allow it from the intranet:
So I changed it to (in /etc/pgl/iptables-custom-insert.sh):
Copy/Paste from the web site:
# --- I allow ICMP traffic from local intranet, block it from Internet.
# --- That way my server is all but invisible online (it responds only on a non standard SSH port).
iptables -I INPUT 7 -d 208.180.X.X -p icmp --icmp-type 8 -j DROP
iptables -I INPUT 8 -d 208.180.X.X -p icmp --icmp-type 0 -j DROP
iptables -I INPUT 9 -d 208.180.X.X -p icmp --icmp-type 11 -j DROP
# --- This inserts it after the standard loopback, established, LAN whitelist, VOIP provider whitelist, and SSH port ACCEPTs. I allow the traffic I want, and then do my best to keep the server invisible to the rest of the world.
I would like to know whether it really works as described on that web page, and how to implement it for MoBlock (do I need to specify the address as in the original form)?
iptables -I pgl_in -p icmp --icmp-type 8 -j DROP
iptables -I pgl_in -p icmp --icmp-type 0 -j DROP
iptables -I pgl_in -p icmp --icmp-type 11 -j DROP
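A dry-run sketch of the pgl_in variant that keeps intranet ICMP working by excluding a LAN source range from the DROP rules. This is an added example, not part of the original post or of pgl itself. The `192.168.1.0/24` subnet, the `CHAIN`, `LAN_CIDR` and `APPLY` variables and the helper names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build ICMP DROP rules that skip a trusted LAN source range.
# Chain name pgl_in comes from the post; the LAN subnet is a constructed value.

# ICMP types used in the post: 8 echo-request, 0 echo-reply, 11 time-exceeded.
# Types 0 and 11 are replies to the host's own ping/traceroute, which is why
# the quoted original inserts its rules after the ESTABLISHED accept.
ICMP_TYPES="8 0 11"

# Accept only a well-formed IPv4 CIDR so nothing else reaches iptables.
valid_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    ip=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print one rule per ICMP type. "! -s" exempts the LAN no matter where the
# rule lands relative to other rules in the chain.
build_rules() {
    chain=$1
    lan=$2
    valid_cidr "$lan" || { echo "bad CIDR: $lan" >&2; return 1; }
    for t in $ICMP_TYPES; do
        echo "iptables -I $chain ! -s $lan -p icmp --icmp-type $t -j DROP"
    done
}

# Dry run by default: only print. APPLY=1 (as root) executes the rules.
main() {
    rules=$(build_rules "${CHAIN:-pgl_in}" "${LAN_CIDR:-192.168.1.0/24}") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}
main
```

After applying, `iptables -L pgl_in -v -n` shows per-rule packet counters, so a ping from a LAN host and one from outside can confirm which traffic the rules actually match.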