Ping Security question. (short)

voodoochild7 · 02-16-2002, 06:06 PM

ipchains -A -s "your ip" -d "your ip " output -p icmp -j ACCEPT

not allow sorry.

raz · 02-19-2002, 03:45 AM

Your making the no.1 network error in what your doing.

ICMP is a message protocol, it's designed to help TCP packets get to their source with error messages.

There are many different types of ICMP messages, your blocking all of them on the INPUT chain.

This is not good, you'll have systems screwing up when they try to talk to your network.
Just block the ones that stop ping , Traceroute and Mask requests & route solicitations & Timestamps

Example:

ipchains -A output -p icmp -s 0/0 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 0 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 3 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 4 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 9 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 12 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 14 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 18 -d 0/0 -j ACCEPT
ipchains -A input -p icmp -s 0/0 --icmp-type 8 -d 0/0 -j DENY -l
ipchains -A input -p icmp -s 0/0 --icmp-type 11 -d 0/0 -j DENY -l
ipchains -A input -p icmp -s 0/0 --icmp-type 10 -d 0/0 -j DENY -l
ipchains -A input -p icmp -s 0/0 --icmp-type 5 -d 0/0 -j DENY -l

/Raz

Stingreen · 02-19-2002, 02:36 PM

How do you know what particular ICMP type corresponds to what number then?
For instance,

ipchains -A input -p icmp -s 0/0 --icmp-type 4 -d 0/0 -j ACCEPT

What is that 4?
Thanks.

Stingreen · 02-19-2002, 02:37 PM

Well, seems like I already ruined my network structure.

There was an error in my mail server "reply: read error from host.name" which I then found out that while the mail server tries to make Path MTU discovery which is based on ICMP messages, it automaticly gets denied cause I already denied all ICMP queries.
So I flushed all the IPCHAINS structure, now waiting to be answered what those ICMP events are I mentioned above.
Thank you much.

raz · 02-20-2002, 03:40 AM

Check out one of my older message.

The MTU error should be fixed by allowing ICMP type 3

http://www.linuxquestions.org/questi...=icmp+messages

/Raz

tied2 · 08-13-2002, 09:47 PM

Try firestarter as a firewall builder, it uses ip tables and when you run the wizard click advanced setup and you can block incoming pings while out going still works. As far as ip tables being busy it's probably got lokkit running ( I think thats defalt on a 7.1 install) turn it off before installing firestarter.

terek · 08-18-2002, 11:30 PM

In my linux newbieness.... from what I understand, in order to start iptables, you have to stop ipchains... they don't work well together.

tied2 · 08-19-2002, 04:13 AM

yeah thats correct. type ntsysv --level 345 from a konsole and turn off ip chains and reboot and that will take it out of the start up menu.

----------------------------------------