Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
02-14-2005, 07:31 AM
|
#1
|
LQ Newbie
Registered: Oct 2003
Location: Uk
Distribution: mandrake
Posts: 14
Rep:
|
ipcop, block icmp on red interface
Hi all
I'm having fun with ip cop at the moment, which I have just installed. It's all running well but I would like to make some changes to the way it works. I wish to block icmp to the red int ip of it from the wan. Any ideas how I do this? I presume I will need to modify a script somewhere. Any ideas would be appreciated.
regards
webstuff
|
|
|
02-14-2005, 07:41 AM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
the iptables rule to block all icmp traffic from one zone to another would look like this:
Code:
iptables -A FORWARD -p ICMP -i ethX -o ethY -j DROP
obviously you'd need to replace ethX and ethY with your actual interfaces...
Last edited by win32sux; 02-14-2005 at 07:43 AM.
|
|
|
02-14-2005, 08:30 AM
|
#3
|
LQ Newbie
Registered: Oct 2003
Location: Uk
Distribution: mandrake
Posts: 14
Original Poster
Rep:
|
Hi
Thanks for the response. I think I explained this wrong. The red int currently allows icmp from any devices connected to it through a cable to a router. I wish to block icmp from devices attached to this router, so it is not actually an interface on the ipcop to block the traffic coming from, rather something like a 192.168.*.* range. Any further ideas?
cheers
|
|
|
02-14-2005, 08:44 AM
|
#4
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
this example would block icmp on that interface only when the packets are coming from subnet 192.168.0.0/24:
Code:
iptables -A FORWARD -p ICMP -i ethX -o ethY -s 192.168.0.0/24 -j DROP
|
|
|
02-15-2005, 04:11 AM
|
#5
|
LQ Newbie
Registered: Oct 2003
Location: Uk
Distribution: mandrake
Posts: 14
Original Poster
Rep:
|
which file
Hi
Which file do I have to modify to add this line? On smoothwall it was something like firewall.up, I think.
cheers
|
|
|
02-15-2005, 07:15 AM
|
#6
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
i'm not sure. i've never used ipcop. but doesn't it have like a web interface or something where you can add new custom firewall rules??
|
|
|
02-15-2005, 10:34 AM
|
#7
|
LQ Newbie
Registered: Oct 2003
Location: Uk
Distribution: mandrake
Posts: 14
Original Poster
Rep:
|
different
Hi
This is what I'm confused about: there is nothing in the gui about adding rules for blocking access, rules are there for allowing access. I was quite surprised you could ping the outside interface of the ipcop at all, this is not something I would expect to see allowed. Unfortunately the main english support site www.ipcops.com and net are down and have been for a while, I think. This is why I have posted here, in case anyone had experience of it. The joys. Cheers anyway
|
|
|
03-05-2005, 10:57 AM
|
#8
|
Member
Registered: Oct 2004
Location: Where ever I put down Lappie
Distribution: Dragged kicking and screaming to RHEL
Posts: 132
Rep:
|
Not sure if anyone is still following this thread but here you go:
1) Edit the firewall rc script (/etc/rc.d/rc.firewall)
find line (/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT)
(line 152 for me.)
change to (/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j DROP)
2) Reboot
There is also another file for personal rules (/etc/rc.d/rc.firewall.local)
|
|
|
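The rules in posts #2 and #4 sit in the FORWARD chain (traffic routed through the firewall), while pings addressed to the firewall's own RED address are decided in INPUT, which is the chain post #8 edits. The following is an added example, not written by any poster and not IPCop code: a small checker that reads `iptables -A ...` lines and reports the first explicit ICMP rule that decides an echo-request. The sample rules are the thread's own lines; the source address 192.168.0.5 is a constructed value.

```shell
#!/bin/sh
# Added example: which rule decides an ICMP echo-request (ping)?
# Usage: echo_verdict CHAIN IN_IFACE SRC_IP < rules
# Prints the -j target of the first matching rule, or NONE (chain policy applies).
# Assumption: only rules naming "-p icmp" are considered; other matches
# (-o, -d, -m ..., "!" negation) are ignored in this simplified reading.
echo_verdict() {
    awk -v chain="$1" -v iface="$2" -v src="$3" '
    function ip2n(ip,  o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_net(ip, cidr,  part, bits, size) {
        split(cidr, part, "/")
        bits = (part[2] == "") ? 32 : part[2]
        size = 2 ^ (32 - bits)              # number of addresses in the block
        return int(ip2n(ip) / size) == int(ip2n(part[1]) / size)
    }
    {
        c = proto = typ = inif = net = tgt = ""
        for (k = 1; k < NF; k++) {
            if ($k == "-A") c = $(k + 1)
            else if ($k == "-p") proto = tolower($(k + 1))
            else if ($k == "--icmp-type") typ = $(k + 1)
            else if ($k == "-i") inif = $(k + 1)
            else if ($k == "-s") net = $(k + 1)
            else if ($k == "-j") tgt = $(k + 1)
        }
        if (c != chain || proto != "icmp" || tgt == "") next
        if (typ != "" && typ != "8" && typ != "echo-request") next
        if (inif != "" && inif != iface) next
        if (net != "" && !in_net(src, net)) next
        print tgt; found = 1; exit
    }
    END { if (!found) print "NONE" }'
}

# Rules quoted from posts #4 and #8 (ethX/ethY are the thread's placeholders).
RULES='iptables -A FORWARD -p ICMP -i ethX -o ethY -s 192.168.0.0/24 -j DROP
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT'

# A ping routed through the firewall is dropped, but a ping to the firewall
# itself is still accepted until the INPUT rule is changed.
echo "FORWARD: $(printf '%s\n' "$RULES" | echo_verdict FORWARD ethX 192.168.0.5)"
echo "INPUT:   $(printf '%s\n' "$RULES" | echo_verdict INPUT ethX 192.168.0.5)"
```
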
03-18-2005, 05:11 PM
|
#9
|
Member
Registered: Jun 2004
Distribution: Ubuntu 7.10, Debian 4.0
Posts: 49
Rep:
|
The address is www.ipcop.org not .com
|
|
|
04-18-2005, 09:43 PM
|
#10
|
Member
Registered: Aug 2004
Location: Western Australia
Distribution: Mageia , Centos
Posts: 644
Rep:
|
I'm now following this thread as I think I have the same problem.
Would that mean going into the secure shell thingy
and editing that file?
And yes, I was surprised to find IP Cop replying to pings
floppy
|
|
|
All times are GMT -5.