ICMP Off

Postby mfaisalkh » Wed Jun 16, 2004 9:23 pm

Dear Friends,

My server IP is 192.168.0.1 and my clients' IPs are 192.168.0.x.
How can I block ping requests from the client side to the server?
Please tell me a step-by-step guide.

Postby jargon » Thu Jun 17, 2004 1:38 am

There's no such thing as step-by-step, except the old TV show.

This would require modifying your iptables (firewall) rules.

Might want to check out Securing Linux...
http://www.openna.com/products/books/sol/solus.php

Postby funaki » Thu Jun 17, 2004 1:59 am

Here is a HOWTO on iptables:

http://www.siliconvalleyccie.com/linux- ... -intro.htm

Put simply, you can try adding this to your iptables configuration:

iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT
iptables -A INPUT -p icmp --icmp-type echo-reply -j REJECT

Now if you want the server to send out ICMP, you can use ACCEPT instead of REJECT in the first line, and vice versa.

Postby linuxgeek » Thu Jun 17, 2004 3:53 am

Salams

Or an easy way can be:

root@googy:/proc/sys/net/ipv4# echo 1 > icmp_echo_ignore_all

It will block all ping requests :) No need for iptables for this.

regards

~uppal

Postby lambda » Thu Jun 17, 2004 1:35 pm

linuxgeek wrote: or an easy way can be

root@googy:/proc/sys/net/ipv4# echo 1 > icmp_echo_ignore_all

that's a bad idea. you want client machines to see icmp unreachable and other messages.

Re: ICMP Off

Postby linuxgeek » Thu Jun 17, 2004 1:37 pm

But that's what he said... take a look at his message!

mfaisalkh wrote: Dear Friends,

My server IP is 192.168.0.1 and my clients' IPs are 192.168.0.x.
How can I block ping requests from the client side to the server?
Please tell me a step-by-step guide.

Re:

Postby LinuxFreaK » Sat Jun 19, 2004 8:56 pm

Dear linuxgeek,
Salam,

# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

I think he needs to put this command in /etc/rc.d/rc.local, because when his computer reboots he will need to give this command again.

Best Regards.
Farrukh Ahmed

Postby lambda » Sat Jun 19, 2004 10:34 pm

you should set net.ipv4.icmp_echo_ignore_all = 1 in /etc/sysctl.conf instead of adding that command to /etc/rc.local. however, again, you don't want to do this. this will block a lot of useful icmp messages.

why do i get an error while trying to quote-reply to messages here? i get
Sorry, but only can reply to posts in this forum.


the missing noun in that sentence makes me believe it's a bug.

Postby lambda » Sat Jun 19, 2004 10:35 pm

oh, great. now when i try to edit my posts, i get

Sorry, but you can only edit your own posts.
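
Added example, not part of any post in this thread: a shell check for the rc.local versus /etc/sysctl.conf point discussed above, reporting whether icmp_echo_ignore_all is set only at runtime or will also survive a reboot, plus a rule that rejects only echo-request arriving on INPUT from the client subnet. The function names and the /24 netmask assumed for 192.168.0.x are illustrative assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print the effective value of KEY in a sysctl.conf-style FILE.
# Comment lines (# or ;) are skipped; the last assignment wins,
# because the file is applied top to bottom.
sysctl_conf_value() {   # usage: sysctl_conf_value KEY FILE
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/[ \t]/, "", v); found = 1 }
        }
        END { if (found) print v; else print "unset" }
    ' "$2"
}

# Compare the running value with the persisted one.
# Prints one of: persistent | runtime-only | boot-only | off
echo_ignore_state() {   # usage: echo_ignore_state PROC_FILE CONF_FILE
    run=$(cat "$1" 2>/dev/null || echo 0)
    conf=$(sysctl_conf_value net.ipv4.icmp_echo_ignore_all "$2")
    case "$run/$conf" in
        1/1) echo persistent ;;
        1/*) echo runtime-only ;;  # set via echo 1 > /proc/..., lost on reboot
        */1) echo boot-only ;;     # in the conf file but not loaded yet
        *)   echo off ;;
    esac
}

# Print (do not apply) a rule that rejects only echo-request from SUBNET,
# leaving every other ICMP type untouched.
print_echo_block_rule() {   # usage: print_echo_block_rule SUBNET
    echo "iptables -A INPUT -s $1 -p icmp --icmp-type echo-request -j REJECT"
}

# On a real host (paths as named in the thread):
#   echo_ignore_state /proc/sys/net/ipv4/icmp_echo_ignore_all /etc/sysctl.conf
#   print_echo_block_rule 192.168.0.0/24   # /24 is an assumed netmask
```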

