ICMP Off

Taking care of your Linux box.
mfaisalkh
Havaldaar
Posts: 124
Joined: Wed Mar 17, 2004 4:05 pm
Location: Karachi

ICMP Off

Postby mfaisalkh » Wed Jun 16, 2004 9:23 pm

Dear Frendz,

My server IP is 192.168.0.1 & my clients IP is 192.168.0.x
How can i block Ping Request from clients side to server.
plz tell me the steps-by-steps guide.

jargon
Lieutenant Colonel
Posts: 691
Joined: Mon Oct 13, 2003 9:40 am

Postby jargon » Thu Jun 17, 2004 1:38 am

no such thing as step-by-step, except the old tv show,

this would req. modifying your iptables (firewall) rules,

Might want to check out Securing Linux...
http://www.openna.com/products/books/sol/solus.php
jargon

funaki
Lance Naik
Posts: 27
Joined: Thu Jun 03, 2004 1:39 am
Location: A Block away from hell

Postby funaki » Thu Jun 17, 2004 1:59 am

here a Howto on Iptables

http://www.siliconvalleyccie.com/linux- ... -intro.htm

in simple you can try adding this to your iptables configuration

iptables -A OUTPUT -p icmp --icmp-type echo-request -j Reject
iptables -A INPUT -p icmp --icmp-type echo-reply -j reject

now if u want server to send out icmp you can in the first line Add Accept instead of reject and vise versa.
Funaki
Image
AMD 3400+|2GBRAM|ATI9800xt|120GB hdd x2|
Intel 3.2GHZ|2GBRAM|Nvidia FX5900| 200GBhdd x2|

linuxgeek
Site Admin
Posts: 195
Joined: Wed Aug 07, 2002 8:00 pm
Location: Multan, Pakistan
Contact:

Postby linuxgeek » Thu Jun 17, 2004 3:53 am

Salams

or an easy way can be

root@googy:/proc/sys/net/ipv4# echo 1 > icmp_echo_ignore_all


it will block all ping request :) no need for iptables for this.

regards

~uppal
Junaid Saeed Uppal
uppal at linux dot net dot pk
Cell : +92.345.8586045

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Thu Jun 17, 2004 1:35 pm

linuxgeek wrote:or an easy way can be

root@googy:/proc/sys/net/ipv4# echo 1 > icmp_echo_ignore_all


that's a bad idea. you want client machines to see icmp unreachable and other messages.

linuxgeek
Site Admin
Posts: 195
Joined: Wed Aug 07, 2002 8:00 pm
Location: Multan, Pakistan
Contact:

Re: ICMP Off

Postby linuxgeek » Thu Jun 17, 2004 1:37 pm

but thats what he said... take a look at his message!


mfaisalkh wrote:Dear Frendz,

My server IP is 192.168.0.1 & my clients IP is 192.168.0.x
How can i block Ping Request from clients side to server.
plz tell me the steps-by-steps guide.
Junaid Saeed Uppal
uppal at linux dot net dot pk
Cell : +92.345.8586045

LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Postby LinuxFreaK » Sat Jun 19, 2004 8:56 pm

Dear linuxgeek,
Salam,

# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all


I think he need to put this command in /etc/rc.d/rc.local because when his computer reboot he will need to give this command again.

Best Regards.
Farrukh Ahmed

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Sat Jun 19, 2004 10:34 pm

you should set net.ipv4.icmp_echo_ignore_all = 1 in /etc/sysctl.conf instead of adding that command to /etc/rc.local. however, again, you don't want to do this. this will block a lot of useful icmp messages.

why do i get an error while trying to quote-reply to messages here? i get
Sorry, but only can reply to posts in this forum.


the missing noun in that sentence makes me believe it's a bug.

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Sat Jun 19, 2004 10:35 pm

oh, great. now when i try to edit my posts, i get

Sorry, but you can only edit your own posts.


Return to “Administration”

Who is online

Users browsing this forum: No registered users and 1 guest