I don't want my Linux to answer pings - how?


CMonster
03-14-2001, 07:15 PM
Is there a way I can tell my Linux box not to answer pings?

I'm using pmfirewall and it works very well for stealthing my ports but I would like to keep my box from answering pings as well.

William Henrey Gates III
03-14-2001, 07:21 PM
Turn off auto-answer :D...j/k

I think I saw some kinda program over at freshmeat for that, I don't remember what the name of it is.....

Bradmont
03-14-2001, 07:22 PM
Here (http://netfilter.kernelnotes.org/unreliable-guides/packet-filtering-HOWTO/index.html) is a doc about IPtables you can look at, if you're using kernel >= 2.4. I'm no expert on the subject, otherwise I'd give you some direct instructions rather than pointing you at another page, but anyway, I know it can be done, and I think you will find it here.

Bradmont

7
03-14-2001, 07:29 PM
Or if you're using ipchains,

ipchains -A input -i eth0 -p icmp -j REJECT

[ 14 March 2001: Message edited by: 7 ]

Tyr-7BE
03-14-2001, 08:19 PM
Originally posted by William Henrey Gates III:
Turn off auto-answer :D...j/k

I think I saw some kinda program over at freshmeat for that, I don't remember what the name of it is.....

Now what might William Henry Gates III be doing at Freshmeat?

William Henrey Gates III
03-14-2001, 08:31 PM
YOU ARE ASKING TOO MANY QUESTIONS!! DO NOT WORRY ABOUT WHAT I MAY DO AT FRESHMEAT BUT WORRY ABOUT THE IMPENDING DOOM OF YOUR FAVORITE OPERATING SYSTEM FOR WONDERING ABOUT WHAT I AM DOING AT FRESHMEAT!!

whitehorse
03-14-2001, 08:37 PM
LMAO

CMonster
03-15-2001, 01:02 AM
Thanks all - 7 ;) -that will do it I think.

aph3x
03-15-2001, 04:50 AM
you'll want to accept inbound ICMP echo-replies and reject or deny inbound ICMP echo-requests.

if you deny the echo-replies, you'll only be able to "half-ping" so to speak... you'll be able to send outbound ICMP echo-requests, but since you're denying echo-replies, you'll never receive them from the remote host. i reconfiged this earlier today on my firewall...

try this, see if this is what you're wanting to do:

$EXT_IF = your external interface (ppp0, eth0, etc)

#block echo requests from outside
ipchains -A input -j REJECT -i $EXT_IF -p icmp --icmp-type echo-request

#accept echo requests from inside
ipchains -A output -j ACCEPT -i $EXT_IF -p icmp --icmp-type echo-request

#reject echo-replies from inside
ipchains -A output -j REJECT -i $EXT_IF -p icmp --icmp-type echo-reply

#accept echo-replies from outside
ipchains -A input -j ACCEPT -i $EXT_IF -p icmp --icmp-type echo-reply

i set these rules and scanned myself with nmap from outside my network, and nmap said "Host appears to be down..." :D

[ 15 March 2001: Message edited by: aph3x ]
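
The "half-ping" point from the post above, as an added example that is not part of the original thread: a toy first-match evaluator (not ipchains itself) that compares the blanket ICMP rule posted earlier with the four type-specific rules. The `eth0` interface and the ACCEPT default chain policy are assumptions.

```python
# Added example: a toy first-match evaluator, not ipchains itself.
from collections import namedtuple

Rule = namedtuple("Rule", "chain iface icmp_type target")  # icmp_type None = any ICMP
EXT_IF = "eth0"  # assumed external interface

# "ipchains -A input -i eth0 -p icmp -j REJECT" from earlier in the thread
BLANKET = [Rule("input", EXT_IF, None, "REJECT")]

# The four type-specific rules from the post above, in the order given
TYPED = [
    Rule("input", EXT_IF, "echo-request", "REJECT"),
    Rule("output", EXT_IF, "echo-request", "ACCEPT"),
    Rule("output", EXT_IF, "echo-reply", "REJECT"),
    Rule("input", EXT_IF, "echo-reply", "ACCEPT"),
]

def verdict(rules, chain, icmp_type, iface=EXT_IF, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in rules:
        if r.chain == chain and r.iface == iface and r.icmp_type in (None, icmp_type):
            return r.target
    return policy  # assumed default policy; a default-deny chain would differ

def answers_ping(rules):
    """True if an outside echo-request gets in and our echo-reply gets out."""
    return (verdict(rules, "input", "echo-request") == "ACCEPT"
            and verdict(rules, "output", "echo-reply") == "ACCEPT")

def can_ping_out(rules):
    """True if our echo-request leaves and the remote echo-reply is let in."""
    return (verdict(rules, "output", "echo-request") == "ACCEPT"
            and verdict(rules, "input", "echo-reply") == "ACCEPT")

def report(rules):
    return {
        "answers_ping": answers_ping(rules),
        "can_ping_out": can_ping_out(rules),
        # ICMP errors such as fragmentation-needed arrive as this type
        "gets_dest_unreachable":
            verdict(rules, "input", "destination-unreachable") == "ACCEPT",
    }

if __name__ == "__main__":
    for name, rules in (("blanket", BLANKET), ("typed", TYPED)):
        print(name, report(rules))
```

Both rule sets stop the box from answering pings; only the type-specific set keeps outbound ping working and still lets ICMP error messages in.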

CMonster
03-15-2001, 05:36 AM
aph3x thanks

Windows rulez!
03-15-2001, 08:10 AM
If you had any problems with linux, you should get windows. When you are using windows you don't have any problems at all!!! Sucker!!!!

bdg1983
03-15-2001, 09:12 AM
OK then, how can you get Windows to reject pings?

vwkess
03-15-2001, 09:44 AM
How? Unplug the cable! :)

CMonster
03-15-2001, 01:41 PM
aph3x - thanks again.

BTW - it looks like there is an error on line 3: you omitted "-j"

It worked like a charm - I added the following to pmfirewall.local.rules

#No Ping

$IPCHAINS -A input -j REJECT -i $EXT_IF -p icmp --icmp-type echo-request

$IPCHAINS -A output -j ACCEPT -i $EXT_IF -p icmp --icmp-type echo-request

$IPCHAINS -A output -j REJECT -i $EXT_IF -p icmp --icmp-type echo-reply

$IPCHAINS -A input -j ACCEPT -i $EXT_IF -p icmp --icmp-type echo-reply

Windoze Rulez - you are too funny, that's why I like LNO - the satire.

aph3x
03-15-2001, 04:21 PM
oops! :p

note the edit made... glad i could help :D

stiles
03-15-2001, 08:05 PM
You don't have to use a firewall script to do this, try this:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all