Bad Security problem
xcl403
01-03-2003, 11:05 PM
I have taken a security site of quite a few websites that said I am able to reply to ICMP and TCP pings, TCP null, TCP fin, and TCP xmas.
I run iptables, but how do I change it to not allow my machine to reply to pings but to just completely drop those requests (full stealth), and the same with null, fin, xmas and anything else?
Thanks a lot for your help!
seabass55
01-04-2003, 12:41 AM
To drop all ICMP stuff...
# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
I recommend setting your default policy to DROP (or reject) by starting with
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
And work from there. There are a few more really recent iptables posts that had some people's scripts posted in them. I also decided today to stray from my script and try running firestarter...I must say I'm overall pretty impressed with it. Really simple to set up and provides logging...I recommend it to anyone.
Sebastian
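The default-DROP starting point from the reply above, extended to the null, FIN and xmas probes the question asks about. This is an added example, not part of the original posts. It assumes a workstation that initiates connections but offers no services; the `ipt` wrapper, `build_firewall` and the `DRY_RUN` switch are names made up for this example.

```shell
#!/bin/sh
# Added example: prints the rules by default (DRY_RUN=1).
# Run as root with DRY_RUN=0 to load them with iptables.
DRY_RUN="${DRY_RUN:-1}"

# Hypothetical wrapper: print the command in dry-run mode, otherwise run it.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

build_firewall() {
    # Default policies, as given in the reply above.
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP

    # Scan probes matched on TCP flags. They come first so they are
    # dropped before any ACCEPT rule is evaluated.
    ipt -A INPUT -p tcp --tcp-flags ALL NONE -j DROP          # null: no flags set
    ipt -A INPUT -p tcp --tcp-flags ALL FIN -j DROP           # FIN only
    ipt -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP   # xmas

    # Silently drop ICMP echo requests (pings).
    ipt -A INPUT -p icmp --icmp-type echo-request -j DROP

    # Local traffic on the loopback interface.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Assumption: outbound connections are allowed, inbound traffic only
    # as replies to them. Everything else falls through to the DROP policy.
    ipt -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

build_firewall
```

Review the printed rules first; a default OUTPUT policy of DROP cuts off all outbound traffic until the state rules at the end are loaded.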
arthur
03-14-2003, 12:43 PM
Hi, SeaBass55,
I've tried to install Firestarter 5 times (!!!).
After running the
./configure
command, it complains about not finding a certain config file generated for Gnome.
I'm running SuSE 8.1 Pro with KDE 3.0.3, but have installed everything to do with Gnome.
Can you help?
BTW, sorry for getting into this thread out of the blue, but I am going nuts with this.
bwkaz
03-14-2003, 01:46 PM
You're probably missing one of Gnome's -devel packages. I don't know which one, both because you didn't post which file it complained about not having, and because I don't know that much about how Gnome's packages are laid out.
seabass55
03-14-2003, 11:24 PM
Don't know what to say...started having some issues with Firestarter (with it locking up) and just figured screw it...so I re-did my script and stuck with it.