Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 2131 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ping request / Ping reply howto?

FrankFiene
I need to close any ping traffic over the Astaro (currently V6).

The problem is: our Nagios system needs ping for host checks.

So i've tried to setup packet filter rules for "ICMP - Echo Request/Reply":

nagios - icmp(ping request) - dmz - allow
any - icmp(ping request) - any - drop

These are the first two rules in the Webadmin interface.

But netfilter doesn't match any packets.

This is because iptables chain AUTO_FORWARD is computed before chain USR_FORWARD.

So is it fact that i can only block or allow ALL ping traffic?


This thread was automatically locked due to age.
  • 0
    I set up two test Packet Filters and was able to make this work. I specifed a host in the first rule that could ping any, the second rule dropped all pings. Tested on two different computers and worked as expected.

    The first rule: Specified host - Ping - any - allow

    The second rule: Any host - Ping - any - deny
  • 0 in reply to ShannonColeman
    Sorry, I didn't notice you were using Astaro version 6. I just built a 6.3 Astaro and tested this, and I couldn't make this work either. [:(]

    I orginally tested on 7.202, and works fine
Unfiltered HTML