Using the iptables utility on a Linux host, I need to create a mini firewall. I need to drop all incoming connections with packet length greater than 722 AND TTL greater than 22. It needs to be exactly AND: drop only if both conditions are TRUE.

sudo iptables -N LOGDROP
sudo iptables -A OUTPUT -m ttl --ttl-gt 22 -j LOGDROP
sudo iptables -A INPUT -m ttl --ttl-gt 22 -j LOGDROP
sudo iptables -A LOGDROP -m length --length 722:65535 -j DROP

The IP address of the host with the firewall is 10.6.7.9.
I did 4 tests from this host, trying to ping another host:

ping -s 10000 -t 250 10.6.7.10   # fail (TTL AND LENGTH are wrong)
ping -s 100 -t 200 10.6.7.10     # success (TTL is wrong)
ping -s 10 -t 10 10.6.7.10       # success (Both are right)
ping -s 10000 -t 10 10.6.7.10    # fail, BUT SHOULD BE TRUE.

Why doesn't the last ping work, and how do I fix it? Thanks for any help.
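
An added example, not part of the original post: a small Python model of the four rules above that replays the four pings in both directions (echo request through OUTPUT, echo reply through INPUT). It assumes the peer replies with its own default TTL of 64, both hosts share a subnet, the default chain policy is ACCEPT, and fragmentation is ignored; the function names are hypothetical.

```python
# Added illustration: a tiny model of the filter rules from the question.
# Assumptions (not from the post): the peer answers with its own default
# TTL of 64, both hosts are on one subnet (no TTL decrement), the chain
# policy is ACCEPT, and each ICMP message is matched as one datagram.
IP_HDR, ICMP_HDR = 20, 8
PEER_DEFAULT_TTL = 64  # assumed default on 10.6.7.10


def logdrop(pkt):
    """-A LOGDROP -m length --length 722:65535 -j DROP (range is inclusive)."""
    return "DROP" if 722 <= pkt["len"] <= 65535 else "RETURN"


def chain(pkt):
    """INPUT and OUTPUT carry the same rule: -m ttl --ttl-gt 22 -j LOGDROP."""
    if pkt["ttl"] > 22 and logdrop(pkt) == "DROP":
        return "DROP"
    return "ACCEPT"  # fell off the end of the chain: assumed default policy


def ping(size, ttl, peer_ttl=PEER_DEFAULT_TTL):
    """Return (verdict, reason) for `ping -s size -t ttl` run on 10.6.7.9."""
    length = IP_HDR + ICMP_HDR + size
    request = {"len": length, "ttl": ttl}     # -t sets only the request's TTL
    reply = {"len": length, "ttl": peer_ttl}  # reply TTL is chosen by the peer
    if chain(request) == "DROP":
        return "fail", "echo request dropped in OUTPUT"
    if chain(reply) == "DROP":
        return "fail", "echo reply dropped in INPUT"
    return "success", "both directions accepted"


if __name__ == "__main__":
    for size, ttl in [(10000, 250), (100, 200), (10, 10), (10000, 10)]:
        print(f"ping -s {size} -t {ttl}:", *ping(size, ttl))
```

Under these assumptions the model reproduces all four observed results: the last ping's request leaves with TTL 10, but its large reply comes back with the peer's TTL and matches both conditions in INPUT. The model also shows that `--length 722:65535` matches a packet of exactly 722 bytes; a strictly-greater test would start the range at 723.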