How can I disable pinging of a VDS server, while still being able to add IP addresses that are allowed to ping?
1 answer
Completely block reception of ICMP packets:
$ sudo iptables -A INPUT -p icmp -j DROP
Block only reception of ICMP packets of type echo-request:
$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
a) To allow reception of such packets from a certain IP address, you can add a permitting netfilter rule before this rule:
$ sudo iptables -A INPUT -s ip-address -p icmp --icmp-type echo-request -j ACCEPT
$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
You can either add one rule for each IP address, or:
- list several, comma-separated:
  -s ip-address,ip-address,...
- specify the mask (the default mask is 32 bits):
  -s ip-address/mask
- if the iprange module is available, specify a range of IP addresses:
  -m iprange --src-range 1.1.1.1-1.1.1.10
b) To allow reception of such packets from a certain IP address, you can add a negation (with !) to the same rule:
$ sudo iptables -A INPUT ! -s ip-address -p icmp --icmp-type echo-request -j DROP
In this case, you can use the same methods for specifying several IP addresses as described above.
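Added example, not part of the original answer: because `-A` appends and the first matching rule wins, an ACCEPT that ends up after the echo-request DROP never takes effect. The check below reads `iptables -S INPUT` output and lists such shadowed allow rules; the function names and the sample rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): report echo-request ACCEPT
# rules that can never match because a blanket ICMP DROP precedes them.
# Input is `iptables -S INPUT` text on stdin; nothing is changed on the host.
# Simplification: only -s, -p, --icmp-type and -j are interpreted; a "!"
# negation or extra matches (interface, state) on a rule are not evaluated.

shadowed_ping_allows() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            src = proto = itype = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s")          src    = $(i + 1)
                if ($i == "-p")          proto  = $(i + 1)
                if ($i == "--icmp-type") itype  = $(i + 1)
                if ($i == "-j")          target = $(i + 1)
            }
        }
        proto != "icmp" { next }
        # Only echo-request (type 8) or rules covering every ICMP type matter.
        itype != "" && itype != "8" && itype != "echo-request" { next }
        # A DROP without -s catches pings from every source from here on.
        target == "DROP" && src == "" { dropped = 1; next }
        target == "ACCEPT" && dropped { print (src == "" ? "any" : src) }
    '
}

# Constructed sample in the form `iptables -S INPUT` prints (RFC 5737 addresses).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -s 198.51.100.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT
EOF
}

sample_rules | shadowed_ping_allows
```

On a live host, pipe `sudo iptables -S INPUT` into `shadowed_ping_allows`; any source it prints needs its ACCEPT rule moved above the DROP.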