Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to enable ping?a litte complex
Operating Systems Solaris How to enable ping?a litte complex Post 303015633 by stomp on Monday 9th of April 2018 07:47:09 AM
Old 04-09-2018
Code:
# Icmp     

iptables -A INPUT -p icmp -m icmp --icmp-type 0 -s 0/0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT     
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -s 0/0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

a) ICMP is stateless. So defining the state is senseless

b) ICMP Subtype 8 is echo Request, which you correctly defined on the INPUT Chain. ICMP Subtype 0 is "echo Reply" which is regulated at the OUTPUT chain since it is sent from the local host to the pinging party

c) Defining source -s 0/0 is of no use. Omit that and you have no restriction of source addresses.

d) I would assume the module icmp is automatically loaded when you specifiy -p icmp, so you can omit this too.

You can trace your paket filter more closely with additional log-rules before and after important Rules in your filter-definition.

Oh. Wait. I misunterstood. iptables is the pinging party....
This User Gave Thanks to stomp For This Post:
Linusolaradm1
 

10 More Discussions You Might Find Interesting

1. Solaris

enable log

dear all i want to enable the below logs can you help me /var/adm/xferlog /var/spool/uucp/.Admin thanx you (0 Replies)
Discussion started by: murad.jaber
0 Replies

2. Linux

How to enable Hibernate

Hi, I want to enable hibernate in my machine. when i click hibernate option, it is throwing message that hibernate is not enabled in kernel. earlier, i was hibernating in the same machine with windows os. any idea ? Thx in advance. Siva (0 Replies)
Discussion started by: Sivaswami
0 Replies

3. AIX

How to enable XDMCP?

Hello everyone, I installed AIX the other day (several times!) but I can't get XDMCP to work. I remember from when I installed it the last time it worked out of the box. So why doesn't it work now? This is the error message I get: XDMCP fatal error: Session failed Session 2 failed for... (3 Replies)
Discussion started by: Kotzkroete
3 Replies

4. AIX

Enable SMT

How to enable SMT in aix 5.2 ml 9? If i run smtctl it gives error ksh: smtctl: not found. please tell me if SMT is supported in 5.2 (4 Replies)
Discussion started by: vjm
4 Replies

5. Shell Programming and Scripting

Animation Ping on Solaris Like Cisco Ping

Hi, I develop simple animation ping script on Solaris Platform. It is like Cisco ping. Examples and source code are below. bash-3.00$ gokcell 152.155.180.8 30 Sending 30 Ping Packets to 152.155.180.8 !!!!!!!!!!!!!.!!!!!!!!!!!!!!!. % 93.33 success... % 6.66 packet loss...... (1 Reply)
Discussion started by: gokcell
1 Replies

6. Shell Programming and Scripting

How to get reason for ping failure using perls Net::Ping->new("icmp");?

Hi I am using perl to ping a list of nodes - with script below : $p = Net::Ping->new("icmp"); if ($p->ping($host,1)){ print "$host is alive.\n"; } else { print "$host is unreacheable.\n"; } $p->close();... (4 Replies)
Discussion started by: tavanagh
4 Replies

7. SCO

Auditing: how to enable?

edit: solution found Auditing Quick Start and Compatibility Notes (1 Reply)
Discussion started by: Linusolaradm1
1 Replies

8. UNIX for Advanced & Expert Users

Enable lpfc changes!

Hi Folks! I am writing a script which changes lpfc.conf if there it has been setup on RHEL BOXes, do I need to put dracut -f for enabling it? I am not sure, Can someone help! (6 Replies)
Discussion started by: nixhead
6 Replies

9. Programming

Ping test sends mail when ping fails

help with bash script! im am working on this script to make sure my server will stay online, so i made this script.. HOSTS="192.168.138.155" COUNT=4 pingtest(){ for myhost in "$@" do ping -c "$COUNT" "$myhost" &&return 1 done return 0 } if pingtest $HOSTS #100% failed... (4 Replies)
Discussion started by: mort3924
4 Replies

10. Linux

Please: a litte help to crosscompile.

I have installed the "mipsel tuxbox" compile suite for crosscompile Host system is x86_64 slackware destination is mipsel32bit "vuduo+" For example,I want to compile a program, I use this script make clean export TOOLCHAIN=/opt/mipsel-tuxbox-linux-gnu export... (0 Replies)
Discussion started by: Linusolaradm1
0 Replies

LEARN ABOUT DEBIAN

iptables::parse

IPTables::Parse(3pm)					User Contributed Perl Documentation				      IPTables::Parse(3pm)

NAME

       IPTables::Parse - Perl extension for parsing iptables and ip6tables policies

SYNOPSIS

	 use IPTables::Parse;

	 my $ipt_bin = '/sbin/iptables'; # can set this to /sbin/ip6tables

	 my %opts = (
	     'iptables' => $ipt_bin,
	     'iptout'	=> '/tmp/iptables.out',
	     'ipterr'	=> '/tmp/iptables.err',
	     'debug'	=> 0,
	     'verbose'	=> 0
	 );

	 my $ipt_obj = new IPTables::Parse(%opts)
	     or die "[*] Could not acquire IPTables::Parse object";

	 my $rv = 0;

	 my $table = 'filter';
	 my $chain = 'INPUT';

	 my ($ipt_hr, $rv) = $ipt_obj->default_drop($table, $chain);
	 if ($rv) {
	     if (defined $ipt_hr->{'all'}) {
		 print "The INPUT chain has a default DROP rule for all protocols.
";
	     } else {
		 for my $proto (qw/tcp udp icmp/) {
		     if (defined $ipt_hr->{$proto}) {
			 print "The INPUT chain drops $proto by default.
";
		     }
		 }
	     }
	 } else {
	     print "[-] Could not parse $ipt_obj->{'_ipt_bin_name'} policy
";
	 }

	 ($ipt_hr, $rv) = $ipt_obj->default_log($table, $chain);
	 if ($rv) {
	     if (defined $ipt_hr->{'all'}) {
		 print "The INPUT chain has a default LOG rule for all protocols.
";
	     } else {
		 for my $proto (qw/tcp udp icmp/) {
		     if (defined $ipt_hr->{$proto}) {
			 print "The INPUT chain logs $proto by default.
";
		     }
		 }
	     }
	 } else {
	     print "[-] Could not parse $ipt_obj->{'_ipt_bin_name'} policy
";
	 }

DESCRIPTION

       The "IPTables::Parse" package provides an interface to parse iptables or ip6tables rules on Linux systems through the direct execution of
       iptables/ip6tables commands, or from parsing a file that contains an iptables/ip6tables policy listing.	You can get the current policy
       applied to a table/chain, look for a specific user-defined chain, check for a default DROP policy, or determing whether or not logging
       rules exist.

FUNCTIONS

       The IPTables::Parse extension provides an object interface to the following functions:

       chain_policy($table, $chain)
	   This function returns the policy (e.g. 'DROP', 'ACCEPT', etc.) for the specified table and chain:

	     print "INPUT policy: ", $ipt_obj->chain_policy('filter', 'INPUT'), "
";

       chain_rules($table, $chain)
	   This function parses the specified chain and table and returns an array reference for all rules in the chain.  Each element in the
	   array reference is a hash with the following keys (that contain values depending on the rule): "src", "dst", "protocol", "s_port",
	   "d_port", "target", "packets", "bytes", "intf_in", "intf_out", "to_ip", "to_port", "state", "raw", and "extended".  The "extended"
	   element contains the rule output past the protocol information, and the "raw" element contains the complete rule itself as reported by
	   iptables or ip6tables.

       default_drop($table, $chain)
	   This function parses the running iptables or ip6tables policy in order to determine if the specified chain contains a default DROP
	   rule.  Two values are returned, a hash reference whose keys are the protocols that are dropped by default if a global ACCEPT rule has
	   not accepted matching packets first, along with a return value that tells the caller if parsing the iptables or ip6tables policy was
	   successful.	Note that if all protocols are dropped by default, then the hash key 'all' will be defined.

	     ($ipt_hr, $rv) = $ipt_obj->default_drop('filter', 'INPUT');

       default_log($table, $chain)
	   This function parses the running iptables or ip6tables policy in order to determine if the specified chain contains a default LOG rule.
	   Two values are returned, a hash reference whose keys are the protocols that are logged by default if a global ACCEPT rule has not
	   accepted matching packets first, along with a return value that tells the caller if parsing the iptables or ip6tables policy was
	   successful.	Note that if all protocols are logged by default, then the hash key 'all' will be defined.  An example invocation is:

	     ($ipt_hr, $rv) = $ipt_obj->default_log('filter', 'INPUT');

AUTHOR

       Michael Rash, <mbr@cipherdyne.org>

SEE ALSO

       The IPTables::Parse is used by the IPTables::ChainMgr extension in support of the psad and fwsnort projects to parse iptables or ip6tables
       policies (see the psad(8), and fwsnort(8) man pages).  As always, the iptables(8) and ip6tables(8) man pages provide the best information
       on command line execution and theory behind iptables and ip6tables.

       Although there is no mailing that is devoted specifically to the IPTables::Parse extension, questions about the extension will be answered
       on the following lists:

	 The psad mailing list: http://lists.sourceforge.net/lists/listinfo/psad-discuss
	 The fwsnort mailing list: http://lists.sourceforge.net/lists/listinfo/fwsnort-discuss

       The latest version of the IPTables::Parse extension can be found on CPAN and also here:

	 http://www.cipherdyne.org/modules/

       Source control is provided by git:

	 http://www.cipherdyne.org/git/IPTables-Parse.git
	 http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=IPTables-Parse.git;a=summary

CREDITS

       Thanks to the following people:

	 Franck Joncourt <franck.mail@dthconnex.com>
	 Grant Ferley

AUTHOR

       The IPTables::Parse extension was written by Michael Rash <mbr@cipherdyne.org> to support the psad and fwsnort projects.  Please send email
       to this address if there are any questions, comments, or bug reports.

COPYRIGHT AND LICENSE

       Copyright (C) 2005-2012 Michael Rash.  All rights reserved.

       This module is free software.  You can redistribute it and/or modify it under the terms of the Artistic License 2.0.  More information can
       be found here: http://www.perl.com/perl/misc/Artistic.html

       This program is distributed "as is" in the hope that it will be useful, but without any warranty; without even the implied warranty of
       merchantability or fitness for a particular purpose.

perl v5.14.2							    2012-03-05						      IPTables::Parse(3pm)
All times are GMT -4. The time now is 06:24 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy