Old 04-01-2006, 12:54 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Rep: Reputation: 57
Blocking ICMP requests


Even though I issue this statement in IPTABLES:

$IPTABLES -A INPUT -i $EXTIF -p ICMP -j DROP

or

$IPTABLES -A INPUT -p ICMP -j DROP

My firewall is still replying to requests. Any suggestions?
 
Old 04-01-2006, 01:01 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151
Those rules look OK so I'm not sure what's going wrong. I use -t filter as well in my rules, but since that's the default table you don't have to have it there, e.g.:
Code:
iptables -t filter -A INPUT -p ICMP -i ${EXT_IF} -j DROP
However, if you're using sysctl, you can add the following to /etc/sysctl.conf and then run sysctl -p to turn off ping responses:
Code:
net.ipv4.icmp_echo_ignore_all = 1
 
Old 04-01-2006, 05:13 PM   #3
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
http://72.14.203.104/search?q=cache:...ient=firefox-a

There are also kernel parameters here
/proc/sys/net/ipv4/icmp_*
 
Old 04-02-2006, 06:51 AM   #4
abhi.b
LQ Newbie
 
Registered: Apr 2006
Posts: 12

Rep: Reputation: 0
Try using this command:
iptables -I INPUT -p icmp -j REJECT -t mangle

Also as mentioned the kernel parameter /proc/sys/net/ipv4/icmp_echo_ignore_all is the best way to stop the ping at the kernel level.
 
Old 04-02-2006, 12:48 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Original Poster
Rep: Reputation: 57
I have never seen this before, but what had happened was this. It was my VOIP modem/router that sits in front of my network that was and still is allowing ICMP replies. It was set up on gateway mode and it has telnet running on it, thus allowing port 23 to be open. What I can't figure out is how that was allowing other ports that were blocked by my firewall to be allowed through? I called my VOIP provider and they said that those services could not be disabled. Can anybody please explain?

Last edited by metallica1973; 04-02-2006 at 01:54 PM.
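
The case described in post #5, where pings are answered before they ever reach the Linux firewall, can be told apart from a rule problem by comparing the DROP rule's packet counter before and after a ping test from outside. This is an added example, not code from the thread: the counter listings are constructed samples of `iptables -L INPUT -v -n -x` output, `eth0` stands in for `$EXTIF`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Listings are constructed samples of
# `iptables -L INPUT -v -n -x`; eth0 stands in for $EXTIF.

BEFORE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120     9840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
       0        0 DROP       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0'

# After 4 pings from outside: the DROP rule counted them.
AFTER_DROPPED='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     131    10742 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
       4      336 DROP       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0'

# After 4 pings that were still answered: the DROP counter did not move.
AFTER_UNSEEN='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     131    10742 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
       0        0 DROP       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0'

# Sum the packet counters of INPUT rules with target $1 and protocol icmp.
icmp_pkts() {
    awk -v t="$1" '$3 == t && $4 == "icmp" { n += $1 } END { print n + 0 }'
}

# $1 = listing taken before the ping test, $2 = listing taken after it.
diagnose() {
    d0=$(printf '%s\n' "$1" | icmp_pkts DROP)
    d1=$(printf '%s\n' "$2" | icmp_pkts DROP)
    a0=$(printf '%s\n' "$1" | icmp_pkts ACCEPT)
    a1=$(printf '%s\n' "$2" | icmp_pkts ACCEPT)
    if [ "$d1" -gt "$d0" ]; then
        echo "dropped-here"       # this host discarded the pings
    elif [ "$a1" -gt "$a0" ]; then
        echo "accepted-earlier"   # an ICMP ACCEPT rule matched instead of the DROP
    else
        # No ICMP rule counted the pings: an upstream device answered them,
        # or a protocol-all rule ahead of the DROP matched first.
        echo "not-seen"
    fi
}

diagnose "$BEFORE" "$AFTER_DROPPED"
diagnose "$BEFORE" "$AFTER_UNSEEN"
```

On a live system the two listings would be captured with `iptables -L INPUT -v -n -x` immediately before and after pinging the public address from an outside host.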
 