how to drop incomming icmp request

sunlinux · 11-29-2006, 02:24 AM

Using Redhat AS , i want to drop a incomming ping(ICMP) request on a interface.plz tell me how do i chaive it

amitsharma_26 · 11-29-2006, 12:01 PM

Code:

iptables -A INPUT -i ethX -p icmp --icmp-type 8 -j DROP

sunlinux · 11-29-2006, 10:55 PM

Quote:

Originally Posted by amitsharma_26

Code:

iptables -A INPUT -i ethX -p icmp --icmp-type 8 -j DROP

It didn't work still i am able to ping my sysytem from a other systems & also tell me how to log firewall message (drop etc)

amitsharma_26 · 11-30-2006, 07:07 AM

Are you running any preexisting rules at your box ?? (if yes then please post your script)

Second if you want to log the above mentioned icmp packets coming at your box, then you got to place the log rule prior to the DROP or ACCEPT rule as LOG rules allow packets still to traverse to the next rule (which is different from the regular rules which doesnt let packets go further down in iptable rules table)

In the above rule instead of -j DROP you got to replace it with

Code:

-j LOG --log-prefix "ICMP PACKETS"

sunlinux · 12-01-2006, 03:35 AM

Is it possible that i can ping any system n nobody can ping my system..! if yes then how ?

amitsharma_26 · 12-01-2006, 06:26 AM

Quote:

Originally Posted by sunlinux

Is it possible that i can ping any system n nobody can ping my system..! if yes then how ?

Code:

iptables -A INPUT -p icmp --icmp-type 8 -s ! YOUR-OWN-IP -j DROP