denying ping

Bevan C. Bennett bevan at fulcrummicro.com
Tue Mar 9 18:03:45 UTC 2004


Mitch Oliver wrote:
> If all you want to do is ignore ping requests, turn off the "echo"
> service, either using redhat-config-services or ntsysv.
> 
> The ping command just sends out an echo request to the server.  Without
> echo, the server cannot respond to ping requests.
> 
> On Mon, 08 Mar 2004 22:00:22 -0500
> russell <simmonsr at verizon.net> wrote:
> 
> 
>>I'm trying to deny ping access on my new fedora box.  I run:
>># echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all, but this doesn't work.
>>Does anyone have any ideas how to deny icmp requests on fedora?

The 'echo' service has nothing to do with ICMP replies ("ping").

By default FC1 puts the following line in your /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

Simply remove that line and your system will stop replying to ICMP 
packets. It should (but I haven't tested this) still accept those 
packets it receives in reply to its own packets.

This is potentially dangerous to the proper operation of your network 
connection, however (ICMP is important for proper network functionality).

A slightly better solution would be to add the following line -before- 
the default ICMP line:
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -j DROP
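
The ordering point in the message above (iptables acts on the first matching rule, so the echo-request DROP has to sit before the default ICMP ACCEPT), shown as an added example that is not part of the original post. The function names and the sample rules file are constructed for illustration; the two rule lines are the ones from the post, and the script only works on a copy of the file.

```shell
#!/bin/sh
# Added example: edits a copy of the rules file, never the live firewall.
ACCEPT_RULE='-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT'
DROP_RULE='-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -j DROP'

# Print the file with DROP_RULE inserted directly before ACCEPT_RULE.
# Idempotent: if the DROP rule already precedes it, output is unchanged.
add_echo_drop() {
    awk -v accept="$ACCEPT_RULE" -v drop="$DROP_RULE" '
        { line = $0; sub(/[ \t]+$/, "", line) }
        line == drop { seen_drop = 1 }
        line == accept && !seen_drop && !done { print drop; done = 1 }
        { print }
    ' "$1"
}

# Report which of the two ICMP rules comes first in the file (DROP, ACCEPT
# or NONE). Simplification: only these two exact lines are considered.
first_icmp_match() {
    awk -v accept="$ACCEPT_RULE" -v drop="$DROP_RULE" '
        { line = $0; sub(/[ \t]+$/, "", line) }
        line == drop   { print "DROP";   found = 1; exit }
        line == accept { print "ACCEPT"; found = 1; exit }
        END { if (!found) print "NONE" }
    ' "$1"
}

# Constructed sample in /etc/sysconfig/iptables format (not a real FC1 file).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp"
echo "before: $(first_icmp_match "$tmp")"
add_echo_drop "$tmp" > "$tmp.new"
echo "after:  $(first_icmp_match "$tmp.new")"
rm -f "$tmp" "$tmp.new"
```

Once the output has been reviewed and installed as /etc/sysconfig/iptables, `service iptables restart` reloads the rules.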




