denying ping

Alan Horn ahorn at deorth.org
Tue Mar 9 03:04:01 UTC 2004


Russell,

It's a bad idea to deny all ICMP; it breaks things like MTU discovery.
There are many different types of ICMP, and although denying most is OK,
some you should let in. Off the top of my head I don't recall the type
numbers of the ones you want to drop, and the ones you want to keep.

You're probably better off searching for the right ways to deny pings
using ipchains or whatever firewall Linux is using nowadays. Then deny only
specific types. Search engine is your friend in this regard since it's
generally a very well solved problem.

Unless you know what you're doing with denying pings, in which case ignore
what I just said :)

Cheers,

Al


On Mon, 8 Mar 2004, russell wrote:

>Date: Mon, 08 Mar 2004 22:00:22 -0500
>From: russell <simmonsr at verizon.net>
>Reply-To: fedora-list at redhat.com
>To: fedora-list at redhat.com
>Subject: denying ping
>
>I'm trying to deny ping access on my new fedora box.  I run:  #  echo 1
> > /proc/sys/net/ipv4/icmp_echo_ignore_all, but this doesn't work.  Does
>anyone have any ideas how to deny icmp requests on fedora?
>
>tia
>
>russell
>
>
>
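
Added example (not part of either message above): one way to drop pings while keeping the ICMP types that path MTU discovery and error reporting rely on. It assumes iptables is the firewall in use; the chain name ICMP_IN and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. ICMP_IN is a made-up chain name.

# ICMP types considered by the policy, using iptables type names.
TYPES="echo-request echo-reply destination-unreachable time-exceeded
parameter-problem redirect timestamp-request address-mask-request"

# verdict TYPE -> prints ACCEPT or DROP for one ICMP type name.
verdict() {
    case "$1" in
        # Type 3 includes code 4 (fragmentation-needed), which path MTU
        # discovery depends on. Types 11 and 12 report TTL expiry and
        # malformed headers.
        destination-unreachable|time-exceeded|parameter-problem) echo ACCEPT ;;
        # Type 0: replies to pings this host sends out itself.
        echo-reply) echo ACCEPT ;;
        # Type 8 (ping) and every type not listed above.
        *) echo DROP ;;
    esac
}

# icmp_rules -> prints the iptables commands; nothing is applied here.
icmp_rules() {
    echo "iptables -N ICMP_IN"
    for t in $TYPES; do
        if [ "$(verdict "$t")" = ACCEPT ]; then
            echo "iptables -A ICMP_IN -p icmp --icmp-type $t -j ACCEPT"
        fi
    done
    # Explicit rule so its packet counter shows how many pings were dropped.
    echo "iptables -A ICMP_IN -p icmp --icmp-type echo-request -j DROP"
    # Everything else falls through to a catch-all drop.
    echo "iptables -A ICMP_IN -p icmp -j DROP"
    echo "iptables -A INPUT -p icmp -j ICMP_IN"
}

icmp_rules
```

The script only prints the commands so they can be reviewed first; piping its output to sh as root applies them.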




