1

I am going to filter Ping request to my server, and only accepts ping request with length 920.

ping -l 920 serrveraddress

I am using the following two command in iptables

iptables -A INPUT -p icmp -m length --length 1:920 -j ACCEPT
iptables -A INPUT -p icmp -j DROP

But it accept all the ping requests. Could you please guide me through this problem?

Many thanks

Thomas
  • 4,225
  • 5
  • 23
  • 28
rahram
  • 113
  • 4

1 Answers1

1

--length 1:920 means any packet with size 1 to 920 bytes. Default ping packet is much smaller than 920 bytes.

Ipor Sircer
  • 1,226
  • 7
  • 8