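#!/bin/bash
#Copyright 2004 William Stearns
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/

#==== Brick specific help ====
#	The icmpchk module puts in some blocks for fragmented icmp packets
#(illegal) and address mask and timestamp requests and replies.  At best,
#these are uncommon and are used in network mapping.  These rules should
#be safe to use on any network.
#
#==== Operational caveats ====
# - These rules are IPv4 only (iptables); ICMPv6 traffic is not touched.
# - The jumps into icmpchk are appended (-A) to INPUT, FORWARD and OUTPUT.
#   Any earlier rule in those chains that already accepts ICMP is matched
#   first, and the packet never reaches icmpchk. Check the order with
#   "iptables -L -n --line-numbers" after loading.
# - "-f" matches only the second and later fragments of a packet. Where
#   connection tracking defragments traffic before the filter table, the
#   fragment rule may never match; the type-based rules are unaffected.
# - Running this twice without flushing first stops at "-N icmpchk"
#   (chain already exists) instead of appending duplicate rules.

# Stop at the first failing command, so a half-built icmpchk chain is never
# hooked into the built-in chains and a failure is visible in the exit status.
set -e

# Run iptables through sudo. Absolute paths keep the caller's PATH from
# deciding which binaries run with elevated privileges.
ipt() {
  /usr/bin/sudo /sbin/iptables "$@"
}

# Dedicated chain holding all ICMP sanity checks.
ipt -N icmpchk

# Fragmented ICMP is not legitimate traffic.
ipt -A icmpchk -p icmp -f -j DROP

# Address mask and timestamp queries and their replies.
ipt -A icmpchk -p icmp --icmp-type address-mask-request -j DROP
ipt -A icmpchk -p icmp --icmp-type address-mask-reply -j DROP
ipt -A icmpchk -p icmp --icmp-type timestamp-request -j DROP
ipt -A icmpchk -p icmp --icmp-type timestamp-reply -j DROP

# Send ICMP from every direction through the checks; loopback input is exempt.
# "! -i lo" replaces the deprecated "-i ! lo" spelling of the same match.
ipt -A INPUT ! -i lo -p icmp -j icmpchk
ipt -A FORWARD -p icmp -j icmpchk
ipt -A OUTPUT -p icmp -j icmpchk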