Can I prevent pinging from others and still ping others?


Post by ljj » Sun, 08 Jul 2001 19:17:32



Hi all,
   I have a question about how 'ping' works with netfilter. How can I
ban the ICMP echo message out and still send ICMP request messages
out and receive the ICMP echo message at the same time? E.g.,
I wish I could ping other computers which don't ban ICMP echo, but I
also want my computer not to respond to 'ping' from others. I use
iptables. Can I?
    Thanks in advance.
 
 
 


Post by Luke Voge » Sun, 08 Jul 2001 20:03:15



> Hi all,
>    I have a question about how 'ping' works with netfilter. How can I
> ban the ICMP echo message out and still send ICMP request messages
> out and receive the ICMP echo message at the same time? E.g.,
> I wish I could ping other computers which don't ban ICMP echo, but I
> also want my computer not to respond to 'ping' from others. I use
> iptables. Can I?
>     Thanks in advance.

## LOG all pings. ##
$IPTABLES -A EXTERNAL-input -i $EXTERNAL -p icmp --icmp-type 8 -m limit \
     --limit 5/minute -j LOG --log-level 6 --log-prefix "PING "
## Then drop 'em
$IPTABLES -A EXTERNAL-input -i $EXTERNAL -p icmp --icmp-type 8 -j DROP

--
Regards
Luke
------
Q:  What does FAQ stand for?
A:  We are Frequently Asked this Question, and we have no idea.
------
PLEASE NOTE: Spamgard (tm) installed.

------

 
 
 


Post by Tim Hayne » Sun, 08 Jul 2001 21:46:38



>    I have a question about how 'ping' works with netfilter. How can I ban the
> ICMP echo message out and still send ICMP request messages out and
> receive the ICMP echo message at the same time? E.g., I wish I could ping
> other computers which don't ban ICMP echo, but I also want my computer
> not to respond to 'ping' from others. I use iptables. Can I?

Works out of the box if you're using connection tracking. A pong is RELATED
to an outgoing ping request; OTOH an incoming ping is a NEW thing.

 | iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
 | iptables -A block -m state --state NEW -j DROP

or something like that - which you should really have in the first place :)

~Tim
--

                                            |http://spodzone.org.uk/

 
 
 


Post by mado » Mon, 09 Jul 2001 00:30:07


echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all



> >    I have a question about how 'ping' works with netfilter. How can I ban the
> > ICMP echo message out and still send ICMP request messages out and
> > receive the ICMP echo message at the same time? E.g., I wish I could ping
> > other computers which don't ban ICMP echo, but I also want my computer
> > not to respond to 'ping' from others. I use iptables. Can I?

> Works out of the box if you're using connection tracking. A pong is RELATED
> to an outgoing ping request; OTOH an incoming ping is a NEW thing.

>  | iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
>  | iptables -A block -m state --state NEW -j DROP

> or something like that - which you should really have in the first place :)

> ~Tim
> --
> Gabrielle and Madelene were just dolls.


 
 
 


Post by kimod » Mon, 09 Jul 2001 01:48:05


iptables is a good way to do this... but there are countless Linux
firewalls that are capable of this... look on the net.

> Hi all,
>    I have a question about how 'ping' works with netfilter. How can I
> ban the ICMP echo message out and still send ICMP request messages
> out and receive the ICMP echo message at the same time? E.g.,
> I wish I could ping other computers which don't ban ICMP echo, but I
> also want my computer not to respond to 'ping' from others. I use
> iptables. Can I?
>     Thanks in advance.

 
 
 


Post by sver » Mon, 09 Jul 2001 08:34:06



> iptables is a good way to do this... but there are countless Linux
> firewalls that are capable of this... look on the net.


>> Hi all,
>>    I have a question about how 'ping' works with netfilter. How can I
>> ban the ICMP echo message out and still send ICMP request messages
>> out and receive the ICMP echo message at the same time? E.g.,
>> I wish I could ping other computers which don't ban ICMP echo, but I
>> also want my computer not to respond to 'ping' from others. I use
>> iptables. Can I?
>>     Thanks in advance.

Configure your firewall to block incoming ICMP echo_requests (8) and
permit outgoing ICMP echo_requests and incoming ICMP echo_replies (0)

or, with 2.2, you can simply run
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

--
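
The policy the replies in this thread describe, collected into one ordered rule set. This is an added example, not code from any poster: the interface name `eth0`, the use of the built-in INPUT and OUTPUT chains, and the `RUN` dry-run variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: every command is
# printed instead of executed. To apply as root, run with RUN="" (empty).
# Note: in dry-run output the quotes around the log prefix are not shown.
RUN="${RUN-echo}"
EXT_IF="${EXT_IF:-eth0}"   # assumed external interface name

ping_policy() {
    # 1. Our own pings: let ICMP echo-request (type 8) leave the host.
    $RUN iptables -A OUTPUT -o "$EXT_IF" -p icmp --icmp-type 8 -j ACCEPT

    # 2. Answers to our pings: accept ICMP echo-reply (type 0) only when
    #    connection tracking ties it to a request this host sent, so an
    #    unsolicited echo-reply is not accepted by this rule.
    $RUN iptables -A INPUT -i "$EXT_IF" -p icmp --icmp-type 0 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. Pings from others: log at a limited rate so a ping flood cannot
    #    fill the logs. LOG is non-terminating, so the packet continues
    #    to the next rule.
    $RUN iptables -A INPUT -i "$EXT_IF" -p icmp --icmp-type 8 \
        -m limit --limit 5/minute \
        -j LOG --log-level 6 --log-prefix "PING "

    # 4. Then drop every inbound echo-request, logged or not.
    $RUN iptables -A INPUT -i "$EXT_IF" -p icmp --icmp-type 8 -j DROP
}

# Alternative without netfilter: the kernel ignores all echo-requests sent
# to this host. Same setting as /proc/sys/net/ipv4/icmp_echo_ignore_all.
# Outgoing pings and their replies are unaffected.
kernel_ignore_echo() {
    $RUN sysctl -w net.ipv4.icmp_echo_ignore_all=1
}

ping_policy
```

Rule order matters on INPUT: any broader ACCEPT for ICMP placed ahead of rule 4 would let echo-requests through, so check the live chain with `iptables -S INPUT` after applying.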

