Tuesday, May 7, 2024
rated 0 times [  1] [ 0]  / answers: 1 / hits: 4778  / 1 Year ago, mon, december 26, 2022, 2:50:01

My server is Ubuntu 12.04, IP 192.168.56.100. I have a client running Ubuntu 13.04, IP 192.168.56.101.



I have to block ping from the client to the server, so I wrote this iptables rule:



iptables -A INPUT -i eth0 -p ICMP -s 192.168.56.101 -j DROP


Now the client can't ping the server, and that part is fine, but the server can't ping the client, which should not be happening. Before adding this rule, both the server and the client could ping each other.



Please tell me what I am missing here.



The answers given are correct, but how does it work?
Adding --icmp-type echo-request does resolve the issue, but this rule is being added to the INPUT chain, so how can it interfere with the OUTPUT chain, given that it's blocking the ping to the client?



 Answers

As I understand it, the ping command sends an ICMP echo request to the host, and the host then answers with an ICMP echo reply. So if you block all ICMP, ping doesn't work at all.


You should add this:


iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -s 192.168.56.101 -j DROP

This will block only requests, not replies.


Answering your question in the comments:


It is not blocking the outgoing ping request. It is blocking all incoming ICMP packets.


When you execute ping:



  1. ping sends an ICMP request packet to 192.168.56.101 (this is outgoing ICMP)



  2. 192.168.56.101 receives this packet and sends an ICMP reply packet back to your server



  3. Now iptables on your server blocks this incoming reply packet. That's what is happening.




You can check it by running this command on 192.168.56.101: sudo tcpdump 'ip proto \icmp'. It will show you all ICMP requests/replies online.


Do this:



  1. Remove this rule from server:


    iptables -D INPUT -i eth0 -p icmp --icmp-type echo-request -s 192.168.56.101 -j DROP



  2. Add this rule to your server:


    iptables -A INPUT -i eth0 -p ICMP -s 192.168.56.101 -j DROP



  3. Now execute this command on 192.168.56.101:


    sudo tcpdump 'ip proto \icmp'



  4. Execute ping 192.168.56.101 on the server.




Now you should see on 192.168.56.101 that it receives the ping request and sends a reply, but iptables on the server blocks this reply.


[#27081] Tuesday, December 27, 2022
skipu
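
Added example (not part of the original question or answer): a small Python model of the server's INPUT chain that parses the two rules quoted on this page and replays a ping in each direction. It handles only the flags used here and assumes a stateless rule set with a default ACCEPT policy; the function names are illustrative.

```python
import shlex

ICMP_TYPES = {"echo-reply": 0, "echo-request": 8}
SERVER, CLIENT = "192.168.56.100", "192.168.56.101"

# The two rules from this page, as typed on the server.
BROAD = "iptables -A INPUT -i eth0 -p ICMP -s 192.168.56.101 -j DROP"
NARROW = ("iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request "
          "-s 192.168.56.101 -j DROP")

def parse_rule(spec):
    """Parse the subset of iptables syntax used on this page into a dict."""
    tok = shlex.split(spec)
    rule = {"chain": tok[tok.index("-A") + 1], "target": tok[tok.index("-j") + 1]}
    for flag, key in (("-i", "iface"), ("-p", "proto"), ("-s", "src")):
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1].lower()
    if "--icmp-type" in tok:
        rule["type"] = ICMP_TYPES[tok[tok.index("--icmp-type") + 1]]
    return rule

def input_verdict(rules, pkt):
    """First matching INPUT rule decides; otherwise the assumed ACCEPT policy."""
    for r in rules:
        if r["chain"] == "INPUT" and all(
                pkt[k] == r[k] for k in ("iface", "proto", "src", "type") if k in r):
            return r["target"]
    return "ACCEPT"

def ping_succeeds(server_rules, origin):
    """Replay echo-request then echo-reply; only the server filters traffic."""
    target = CLIENT if origin == SERVER else SERVER
    request = {"iface": "eth0", "proto": "icmp", "src": origin, "dst": target, "type": 8}
    reply = {"iface": "eth0", "proto": "icmp", "src": target, "dst": origin, "type": 0}
    for pkt in (request, reply):
        # INPUT sees every packet arriving at the server, replies included.
        if pkt["dst"] == SERVER and input_verdict(server_rules, pkt) == "DROP":
            return False
    return True

def compare():
    """Map (rule name, ping origin) to whether the ping completes."""
    out = {}
    for name, spec in (("broad", BROAD), ("narrow", NARROW)):
        rules = [parse_rule(spec)]
        out[name, "client"] = ping_succeeds(rules, CLIENT)
        out[name, "server"] = ping_succeeds(rules, SERVER)
    return out

if __name__ == "__main__":
    for key, ok in compare().items():
        print(key, "ping works" if ok else "ping blocked")
```
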
