Blocking ICMP requests

metallica1973 · 04-01-2006, 12:54 PM

Even though I issue this statement is IPTABLES:

$IPTABLES -A INPUT -i $EXTIF -p ICMP -j DROP

or

$IPTABLES -A INPUT -p ICMP -j DROP

My firewall is still replying to requests. Any suggestions?

gilead · 04-01-2006, 01:01 PM

Those rules look OK so I'm not sure what's going wrong. I use -t filter as well in my rules, but since that's the default table you don't have to have it there, e.g.:

Code:

iptables -t filter -A INPUT -p ICMP -i ${EXT_IF} -j DROP

However, if you're using sysctl, you can add the following to /etc/sysctl.conf and then run sysctl -p to turn off ping responses:

Code:

net.ipv4.icmp_echo_ignore_all = 1

michaelsanford · 04-01-2006, 05:13 PM

http://72.14.203.104/search?q=cache:...ient=firefox-a

There are also kernel parameters here
/proc/sys/net/ipv4/icmp_*

abhi.b · 04-02-2006, 06:51 AM

Try using this command : -
iptables -I INPUT -p icmp -j REJECT -t mangle

Also as mentioned the kernel parameter /proc/sys/net/ipv4/icmp_echo_ignore_all is the best way to stop the ping at the kernel level.

metallica1973 · 04-02-2006, 12:48 PM

I have never seen this before but what had happenned was this. It was my VOIP modem/router that sits in front of my network that was and still is allowing ICMP replys. It was setup on gateway mode and it has telnet running on it thus allowing port 23 to be open. What I cant figure out is how that was allowing other ports that were blocked by my firewall to be allowed through? I called my VOIP provider and they said that those services could not be disabled.Can anybody please explain.