iptables ICMP Typen

Um mal zu verdeutlichen welche ICMP Anfragen an meinen Server gestellt werden, habe ich folgende Typenbeschreibung als Kommentar in iptables ausgeben lassen.

iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT -m comment --comment "ICMP  Echo Reply"
#iptables -A INPUT -p icmp --icmp-type 1-2 -j ACCEPT -m comment --comment "ICMP  Reserved"
iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT -m comment --comment "ICMP  Destination Unreachable"
iptables -A INPUT -p icmp --icmp-type 4 -j ACCEPT -m comment --comment "ICMP  Source Quench"
iptables -A INPUT -p icmp --icmp-type 5 -j ACCEPT -m comment --comment "ICMP  Redirect"
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT -m comment --comment "ICMP  Echo Request"
iptables -A INPUT -p icmp --icmp-type 9 -j ACCEPT -m comment --comment "ICMP  Router Advertisement"
iptables -A INPUT -p icmp --icmp-type 10 -j ACCEPT -m comment --comment "ICMP  Router Solicitation"
iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT -m comment --comment "ICMP  Time Exceeded"
iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT -m comment --comment "ICMP  Parameter Problem"
iptables -A INPUT -p icmp --icmp-type 13 -j ACCEPT -m comment --comment "ICMP  Timestamp (erleichtert die Zeitsynchronisation)"
iptables -A INPUT -p icmp --icmp-type 14 -j ACCEPT -m comment --comment "ICMP  Timestamp Reply"
iptables -A INPUT -p icmp --icmp-type 15 -j ACCEPT -m comment --comment "ICMP  Information Request"
iptables -A INPUT -p icmp --icmp-type 16 -j ACCEPT -m comment --comment "ICMP  Information Reply"
iptables -A INPUT -p icmp --icmp-type 17 -j ACCEPT -m comment --comment "ICMP  Address Mask Request"
iptables -A INPUT -p icmp --icmp-type 18 -j ACCEPT -m comment --comment "ICMP  Address Mask Reply"
iptables -A INPUT -p icmp --icmp-type 19 -j ACCEPT -m comment --comment "ICMP  Reserved (for Security)"
#iptables -A INPUT -p icmp --icmp-type 20-29 -j ACCEPT -m comment --comment "ICMP  Reserved (for Robustness Experiment)"
iptables -A INPUT -p icmp --icmp-type 30 -j ACCEPT -m comment --comment "ICMP  Traceroute"
iptables -A INPUT -p icmp --icmp-type 31 -j ACCEPT -m comment --comment "ICMP  Datagram Conversion Error"
iptables -A INPUT -p icmp --icmp-type 32 -j ACCEPT -m comment --comment "ICMP  Mobile Host Redirect"
iptables -A INPUT -p icmp --icmp-type 33 -j ACCEPT -m comment --comment "ICMP  Ursprünglich IPv6 Where-Are-You (ersetzt durch ICMPv6)"
iptables -A INPUT -p icmp --icmp-type 34 -j ACCEPT -m comment --comment "ICMP  Ursprünglich IPv6 I-Am-Here (ersetzt durch ICMPv6)"
iptables -A INPUT -p icmp --icmp-type 35 -j ACCEPT -m comment --comment "ICMP  Mobile Registration Request"
iptables -A INPUT -p icmp --icmp-type 36 -j ACCEPT -m comment --comment "ICMP  Mobile Registration Reply"
iptables -A INPUT -p icmp --icmp-type 37 -j ACCEPT -m comment --comment "ICMP  Domain Name Request"
iptables -A INPUT -p icmp --icmp-type 38 -j ACCEPT -m comment --comment "ICMP  Domain Name Reply"
iptables -A INPUT -p icmp --icmp-type 39 -j ACCEPT -m comment --comment "ICMP  SKIP"
iptables -A INPUT -p icmp --icmp-type 40 -j ACCEPT -m comment --comment "ICMP  Photuris"
iptables -A INPUT -p icmp --icmp-type 41 -j ACCEPT -m comment --comment "ICMP  ICMP messages utilized by experimental mobility protocols such as Seamoby"
#iptables -A INPUT -p icmp --icmp-type 42-255 -j ACCEPT -m comment --comment "ICMP  Reserved"

Mit iptables -L -vn kann man sich dann die anzahl ausgeben lassen.
Quelle: wikipedia.org

Tags:

Veröffentlicht am: 09.12.2013 von: CHR | Tags: | publiziert in: Netzwerk, Security

«
»