Block connection in firewall -
Bob Goodwin
bobgoodwin at wildblue.net
Fri Feb 12 21:18:02 UTC 2016
On 02/12/16 16:12, Gordon Messmer wrote:
>> It works to prevent internet access
>> from that ip. However I can still
>> ping 8.8.8.8
>
> In a very general sense, DROP may be
> preferred to REJECT when you are
> dealing with protocols other than TCP
> or UDP.
>
> For TCP, a firewall can reject a
> packet by sending a TCP RST in reply.
> However, for all other traffic, an
> ICMP message has to be returned for a
> rejection. One effect of that is that
> you may be replying to ICMP echo
> requests with an ICMP message from
> your firewall. It could be that what
> you're seeing isn't a reply from
> 8.8.8.8 at all, but a reply from the
> firewall.
>
> Try dropping the traffic instead, and
> see if that effectively blocks
> outbound traffic.
> --
I will try that. In either case I will
include ICMP if it doesn't.
Bob
--
Bob Goodwin - Zuni, Virginia, USA
http://www.qrz.com/db/W2BOD
box10 FEDORA-23/64bit LINUX XFCE POP3
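
Added example, not part of the original thread: one way to check the point in the quoted reply, that is, whether a "successful" ping is an echo reply from 8.8.8.8 or an ICMP error generated by a REJECT rule on the firewall. It assumes iputils `ping -n` output; the sample text and the 192.168.1.1 address are constructed for illustration.

```python
import re

# Constructed samples in the iputils `ping -n` output format; the
# addresses other than 8.8.8.8 are illustrative, not from the thread.
REJECTED = """PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Port Unreachable
From 192.168.1.1 icmp_seq=2 Destination Port Unreachable
"""
PASSED = """PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=23.1 ms
"""
DROPPED = """PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1001ms
"""

ECHO_REPLY = re.compile(r"^\d+ bytes from ([\d.]+): icmp_seq=\d+")
ICMP_ERROR = re.compile(r"^From ([\d.]+):? icmp_seq=\d+ (.+)$")


def classify(ping_output, target):
    """Return (verdict, {responder_ip: message}) for one ping run."""
    replies, errors = set(), {}
    for line in ping_output.splitlines():
        m = ECHO_REPLY.match(line)
        if m:
            replies.add(m.group(1))
            continue
        m = ICMP_ERROR.match(line)
        if m:
            errors[m.group(1)] = m.group(2).strip()
    if target in replies:
        # A genuine echo reply from the target: the block is not effective.
        return "passed", {target: "echo reply"}
    if errors:
        # Something answered with an ICMP error (what REJECT generates
        # for non-TCP traffic); the responder is usually not the target.
        return "rejected", errors
    # Silence: consistent with DROP (or with ordinary packet loss).
    return "dropped-or-lost", {}


if __name__ == "__main__":
    for name, sample in (("REJECTED", REJECTED), ("PASSED", PASSED), ("DROPPED", DROPPED)):
        print(name, classify(sample, "8.8.8.8"))
```

A "rejected" verdict whose responder address is the firewall rather than the target means the rule is working and only the ICMP error makes it look like a reply.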