Or, was that what you asked? If you want to see them, you can either set up logging, or use tcpdump. Be careful with the logging though; a few years ago I put a LOG target in the wrong position and accidentally logged every packet. The log file filled the partition in a very short time...
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
If you want to accept traffic from machines on your internal LAN, you could just add a line such as
iptables -A INPUT ! -i lo -m conntrack --ctstate NEW --source 192.168.0.0/24 -j ACCEPT
Here, I assume that you use 192.168.0.0/24 on your internal LAN.
I must say, I don't understand your ruleset. Why do you accept stuff by default, and then only drop a few very specific things?
What are you referring to?
Actually though you should consider fukawi's comment. ICMP is necessary/important for controlled network flows. Not much harm coming from it these days.
Why do you want to disallow pings anyway?
PS: in fact iptables -vnL (after ping) says that there is no ping request incoming/exiting. But ping localhost is dropped.
And so what can I do?
I would like to drop the pings with iptables. I have set these statements:
ICMP (including ping) is not the enemy: http://www.itchannelinsight.com/2012/10/icmp/
iptables -A INPUT -j DROP -p icmp --icmp-type echo-request
But why doesn't it work on my machine!?!
PS: added before your message.
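Since the thread turns on reading the counters in iptables -vnL (does the DROP rule ever see a packet, or is the router answering first?), here is an added example, not code from anyone in this thread: a small Python script that parses a constructed iptables -vnL listing, modelled on the rules posted above, and flags the three pitfalls raised here: a LOG target without a rate limit, an echo-request DROP that also hits the loopback interface (why "ping localhost" fails), and a DROP rule whose counter stays at zero. The sample listing and the rule positions in it are assumptions for illustration.

```python
import re

# Constructed sample of `iptables -vnL INPUT` output (assumption, modelled on the rules in the thread).
SAMPLE = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   252 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
   40  2880 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1234 98765 ACCEPT     all  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  !lo    *       192.168.0.0/24       0.0.0.0/0            ctstate NEW
  512 30720 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
"""

# Columns of a -vnL row: pkts bytes target prot opt in out source destination [match details].
# Rows with no target (e.g. a bare -m match without -j) have one column fewer and are skipped.
ROW = re.compile(r"^\s*(\d+)([KMG]?)\s+(\d+)([KMG]?)\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
SCALE = {"": 1, "K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}   # suffixes iptables uses without -x

def parse_chain(text):
    """Return the rules of one chain as dicts, in listing order (order is what iptables evaluates)."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:                      # the "Chain ..." header and the column legend
            continue
        pkts, ps, _b, _bs, target, prot, iface, oface, src, dst, extra = m.groups()
        rules.append({"pkts": int(pkts) * SCALE[ps], "target": target, "prot": prot,
                      "in": iface, "out": oface, "src": src, "dst": dst, "extra": extra.strip()})
    return rules

def audit(rules):
    """Flag the pitfalls discussed in the thread, taking rule position into account."""
    findings = []
    lo_accepted = False                # becomes True once an ACCEPT for -i lo has been passed
    for pos, r in enumerate(rules, start=1):
        if r["target"] == "ACCEPT" and r["in"] == "lo":
            lo_accepted = True
        if r["target"] == "LOG" and "limit:" not in r["extra"]:
            findings.append(f"rule {pos}: LOG without a rate limit will log every packet it sees")
        is_echo_req = "icmptype 8" in r["extra"] or "echo-request" in r["extra"]
        if r["target"] == "DROP" and is_echo_req and r["in"] in ("*", "lo") and not lo_accepted:
            findings.append(f"rule {pos}: echo-request DROP also matches lo, so 'ping localhost' fails")
        if r["target"] == "DROP" and r["pkts"] == 0:
            findings.append(f"rule {pos}: DROP counter is 0, so that traffic never reached this host")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_chain(SAMPLE)):
        print(finding)
```

Run it against real output with `iptables -vnL INPUT` piped into the script in place of SAMPLE; a zero counter on the DROP rule after an external ping is the sign that something upstream (the router in this thread) answered first.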
Sorry, I'm not a network expert.
If I have understood, do you mean that iptables should drop requests from 192.168.1.x (x=73 in my case)?
Yes, probably (you don't explain to us what 192.168.1.73 is).
I was asking whether you have an internet router which might be replying to the pings, before they reach your box:
ping.eu pings (1) --> your internet router replies back with echo-reply (2) before forwarding --> to your machine (3) (which then drops it (4))
Is the question clear now?
PS: but why do both iptables and sysctl not work? I think there's something wrong elsewhere.