http://i61.tinypic.com/nejdvk.png
I am sorry for uploading picture in another site. Because my reputation not enough.
I want that number one can only send ping number 3
But ı assume that ı should use nat. please give an any advise.
my attempt:
iptables -A OUTPUT -p icmp --icmp-type 8 -d ! 192.168.14.2 -j DROP
If you want all other traffic to be dropped, i.e. that machine 1 wouldn't be allowed to send any other packet to any other machine, you have to define the default policy of iptables's OUTPUT chain in machine 1 as DROP and allow just that single packet type to that specific destination, as follows:
iptables -F OUTPUT # first of all, delete all current rules in the OUTPUT chain
iptables -P OUTPUT DROP # set the default policy of the OUTPUT chain to DROP
iptables -A OUTPUT -p icmp --icmp-type 8 -d 192.168.14.2 -j ACCEPT # allow this single packet type to this specific destination
Note that this should be defined in machine 1.