Block connection in firewall -

Gordon Messmer gordon.messmer at gmail.com
Fri Feb 12 21:12:58 UTC 2016


On 02/12/2016 11:10 AM, Bob Goodwin wrote:
> It works to prevent internet access from that ip. However I can still 
> ping 8.8.8.8

In a very general sense, DROP may be preferred to REJECT when you are 
dealing with protocols other than TCP or UDP.

For TCP, a firewall can reject a packet by sending a TCP RST in reply.  
However, for all other traffic, an ICMP message has to be returned for a 
rejection.  One effect of that is that you may be replying to ICMP echo 
requests with an ICMP message from your firewall.  It could be that what 
you're seeing isn't a reply from 8.8.8.8 at all, but a reply from the 
firewall.

Try dropping the traffic instead, and see if that effectively blocks 
outbound traffic.
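
Added example, not part of the original message: a small shell filter that reads `ping` output and reports whether the answer was an echo reply from the target or an ICMP error sent by another host, such as a firewall that rejects the traffic. It assumes Linux iputils `ping -n` output; the function name `classify_ping`, the sample output and the firewall address 192.168.1.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Linux iputils `ping -n` output (numeric addresses).
# classify_ping TARGET: read ping output on stdin, print who actually answered.
classify_ping() {
    awk -v target="$1" '
        # Echo reply:  "64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=12.3 ms"
        / bytes from / {
            src = $4; sub(/:$/, "", src)
            if (src == target) replies++
            next
        }
        # ICMP error:  "From 192.168.1.1 icmp_seq=1 Destination Port Unreachable"
        /^From / { errors++; errsrc = $2; next }
        END {
            if (replies > 0)     print "reachable: echo reply from " target
            else if (errors > 0) print "rejected: ICMP error from " errsrc
            else                 print "dropped: no answer"
        }
    '
}

# Constructed sample output; 192.168.1.1 stands in for the firewall address.
SAMPLE_REJECT='PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Port Unreachable
From 192.168.1.1 icmp_seq=2 Destination Port Unreachable
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1001ms'

SAMPLE_DROP='PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1001ms'

SAMPLE_REPLY='PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=12.3 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms'

# Classify each constructed capture against the target 8.8.8.8.
printf '%s\n' "$SAMPLE_REJECT" | classify_ping 8.8.8.8
printf '%s\n' "$SAMPLE_DROP"   | classify_ping 8.8.8.8
printf '%s\n' "$SAMPLE_REPLY"  | classify_ping 8.8.8.8
```

On a live host the same filter can be fed directly, for example `ping -n -c 3 8.8.8.8 | classify_ping 8.8.8.8`.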

