LinuxQuestions.org
Old 02-14-2005, 08:31 AM   #1
webstuff
LQ Newbie
 
Registered: Oct 2003
Location: Uk
Distribution: mandrake
Posts: 14

Rep: Reputation: 0
ipcop, block icmp on red interface


Hi all

I'm having fun with IPCop at the moment, which I have just installed. It's all running well, but I would like to make some changes to the way it works. I wish to block ICMP to the red int IP of it from the WAN. Any ideas how I do this? I presume I will need to modify a script somewhere. Any ideas would be appreciated.

regards


webstuff
 
Old 02-14-2005, 08:41 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
The iptables rule to block all ICMP traffic from one zone to another would look like this:

Code:
iptables -A FORWARD -p ICMP -i ethX -o ethY -j DROP
Obviously you'd need to replace ethX and ethY with your actual interfaces...


Last edited by win32sux; 02-14-2005 at 08:43 AM.
 
Old 02-14-2005, 09:30 AM   #3
webstuff
LQ Newbie
 
Registered: Oct 2003
Location: Uk
Distribution: mandrake
Posts: 14

Original Poster
Rep: Reputation: 0
Hi

Thanks for the response. I think I explained this wrong. The red int currently allows ICMP from any devices connected to it through a cable to a router. I wish to block ICMP from devices attached to this router, so it is not actually an interface on the IPCop to block the traffic coming from, rather something like a 192.168.*.* range. Any further ideas?


cheers
 
Old 02-14-2005, 09:44 AM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
This example would block ICMP on that interface only when the packets are coming from subnet 192.168.0.0/24:

Code:
iptables -A FORWARD -p ICMP -i ethX -o ethY -s 192.168.0.0/24 -j DROP
 
Old 02-15-2005, 05:11 AM   #5
webstuff
LQ Newbie
 
Registered: Oct 2003
Location: Uk
Distribution: mandrake
Posts: 14

Original Poster
Rep: Reputation: 0
which file

Hi

Which file do I have to modify to add this line? On Smoothwall it was something like firewall.up, I think.

cheers
 
Old 02-15-2005, 08:15 AM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
I'm not sure. I've never used IPCop. But doesn't it have like a web interface or something where you can add new custom firewall rules?
 
Old 02-15-2005, 11:34 AM   #7
webstuff
LQ Newbie
 
Registered: Oct 2003
Location: Uk
Distribution: mandrake
Posts: 14

Original Poster
Rep: Reputation: 0
different

Hi

This is what I'm confused about: there is nothing in the GUI about adding rules for blocking access; rules are there for allowing access. I was quite surprised you could ping the outside interface of the IPCop at all; this is not something I would expect to see allowed. Unfortunately the main English support site www.ipcops.com and net are down and have been for a while, I think. This is why I have posted here, in case anyone had experience of it. The joys. Cheers anyway.
 
Old 03-05-2005, 11:57 AM   #8
merize147
Member
 
Registered: Oct 2004
Location: Where ever I put down Lappie
Distribution: Dragged kicking and screaming to RHEL
Posts: 132

Rep: Reputation: 15
Not sure if anyone is still following this thread, but here you go:

1) Edit the firewall rc script (/etc/rc.d/rc.firewall)
find line (/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT)
(line 152 for me.)
change to (/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j DROP)

2) Reboot


There is also another file for personal rules (/etc/rc.d/rc.firewall.local)
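
As an added example (not part of the post above and not IPCop's own code), the edit described in step 1 as a shell script, run against a constructed stand-in for /etc/rc.d/rc.firewall. The function names and the sample file contents are assumptions; only active `-A INPUT` rules for ICMP type 8 whose target is the last token on the line are changed, so commented-out lines and FORWARD rules are left alone.

```shell
#!/bin/sh
# Added example (not IPCop code): switch the active INPUT rule for ICMP
# echo-request (type 8) from ACCEPT to DROP in a firewall rc script.

# Active (uncommented) "iptables -A INPUT ... --icmp-type 8" rule prefix.
RULE_RE='^[[:space:]]*[^#[:space:]]*iptables[[:space:]]+-A[[:space:]]+INPUT[[:space:]].*--icmp-type[[:space:]]+(8|echo-request)[[:space:]]'

# Print how many such rules end in the given target. $1=file $2=ACCEPT|DROP
count_echo_rules() {
    grep -Ec "${RULE_RE}.*-j[[:space:]]+${2}[[:space:]]*\$" "$1" || true
}

# Rewrite the rule in place. The first run keeps the untouched file as
# FILE.bak; later runs never overwrite that backup. $1=file
patch_echo_rule() {
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak" || return 1
    sed -E "/${RULE_RE}/ s/(-j[[:space:]]+)ACCEPT[[:space:]]*\$/\\1DROP/" \
        "$1" > "$1.new" || return 1
    cat "$1.new" > "$1" && rm -f "$1.new"   # keeps owner and mode of $1
}

# Constructed stand-in for /etc/rc.d/rc.firewall (not the real file).
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
/sbin/iptables -A INPUT -i lo -j ACCEPT
# /sbin/iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
/sbin/iptables -A FORWARD -p icmp --icmp-type 8 -j ACCEPT
EOF
}

# Demo on a scratch copy; point patch_echo_rule at the real script only
# after checking the counts and the diff here.
demo_dir=$(mktemp -d) || exit 1
make_sample "$demo_dir/rc.firewall"
echo "before: ACCEPT=$(count_echo_rules "$demo_dir/rc.firewall" ACCEPT)"
patch_echo_rule "$demo_dir/rc.firewall"
echo "after:  ACCEPT=$(count_echo_rules "$demo_dir/rc.firewall" ACCEPT)" \
     "DROP=$(count_echo_rules "$demo_dir/rc.firewall" DROP)"
diff "$demo_dir/rc.firewall.bak" "$demo_dir/rc.firewall" || true
rm -rf "$demo_dir"
```

Running the same counting function against the live rule set after the reboot in step 2 is not covered here; the script only checks the file on disk.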
 
Old 03-18-2005, 06:11 PM   #9
jml75
Member
 
Registered: Jun 2004
Distribution: Ubuntu 7.10, Debian 4.0
Posts: 49

Rep: Reputation: 15
The address is www.ipcop.org, not .com
 
Old 04-18-2005, 10:43 PM   #10
floppywhopper
Member
 
Registered: Aug 2004
Location: Albany, Western Australia
Distribution: Mageia 4.1, SME Server 8
Posts: 627
Blog Entries: 2

Rep: Reputation: 55
I'm now following this thread as I think I have the same problem.

Would that mean going into the secure shell thingy
and editing that file?

And yes, I was surprised to find IPCop replying to pings.

floppy
 