Dear Frendz,
My server IP is 192.168.0.1 & my clients IP is 192.168.0.x
How can i block Ping Request from clients side to server.
plz tell me the steps-by-steps guide.
ICMP Off
no such thing as step-by-step, except the old tv show,
this would req. modifying your iptables (firewall) rules,
Might want to check out Securing Linux...
http://www.openna.com/products/books/sol/solus.php
this would req. modifying your iptables (firewall) rules,
Might want to check out Securing Linux...
http://www.openna.com/products/books/sol/solus.php
jargon
here a Howto on Iptables
http://www.siliconvalleyccie.com/linux- ... -intro.htm
in simple you can try adding this to your iptables configuration
iptables -A OUTPUT -p icmp --icmp-type echo-request -j Reject
iptables -A INPUT -p icmp --icmp-type echo-reply -j reject
now if u want server to send out icmp you can in the first line Add Accept instead of reject and vise versa.
http://www.siliconvalleyccie.com/linux- ... -intro.htm
in simple you can try adding this to your iptables configuration
iptables -A OUTPUT -p icmp --icmp-type echo-request -j Reject
iptables -A INPUT -p icmp --icmp-type echo-reply -j reject
now if u want server to send out icmp you can in the first line Add Accept instead of reject and vise versa.
Funaki
AMD 3400+|2GBRAM|ATI9800xt|120GB hdd x2|
Intel 3.2GHZ|2GBRAM|Nvidia FX5900| 200GBhdd x2|
AMD 3400+|2GBRAM|ATI9800xt|120GB hdd x2|
Intel 3.2GHZ|2GBRAM|Nvidia FX5900| 200GBhdd x2|
no need for iptables for this.-
linuxgeek
- Site Admin
- Posts: 195
- Joined: Wed Aug 07, 2002 8:00 pm
- Location: Multan, Pakistan
- Contact:
Re: ICMP Off
but thats what he said... take a look at his message!
mfaisalkh wrote:Dear Frendz,
My server IP is 192.168.0.1 & my clients IP is 192.168.0.x
How can i block Ping Request from clients side to server.
plz tell me the steps-by-steps guide.
Junaid Saeed Uppal
uppal at linux dot net dot pk
Cell : +92.345.8586045
uppal at linux dot net dot pk
Cell : +92.345.8586045
-
LinuxFreaK
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear linuxgeek,
Salam,
Best Regards.
Salam,
I think he need to put this command in /etc/rc.d/rc.local because when his computer reboot he will need to give this command again.# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Best Regards.
Farrukh Ahmed
you should set net.ipv4.icmp_echo_ignore_all = 1 in /etc/sysctl.conf instead of adding that command to /etc/rc.local. however, again, you don't want to do this. this will block a lot of useful icmp messages.
why do i get an error while trying to quote-reply to messages here? i get
why do i get an error while trying to quote-reply to messages here? i get
the missing noun in that sentence makes me believe it's a bug.Sorry, but only can reply to posts in this forum.