Is it possible at all to block all users other than root from sending outbound ICMP packets on an interface?
At the moment we have the following two rules in our IPtables config:
iptables -A OUTPUT -o eth1 -m owner –uid-owner 0 -j ACCEPT
iptables -A OUTPUT -o eth1 -j DROP
But this still allows ICMP for some reason (but *does* block other TCP/UDP
packets, which is what we want, as well as ICMP).