Gregory K. Ruiz-Ade wrote:
> On Mar 29, 2006, at 1:12 AM, Ralph Shumaker wrote:
>
>> How do I get fc4 to drop ping requests? I've looked in a few places,
>> but am coming up blank.
>
> If you're using the "built-in" firewall, add this line somewhere in the
> middle (likely before any other line with "icmp" in it, or just replace
> those lines with this one):
>
> -A RH-Firewall-1-INPUT -p icmp -j DROP
>
> That will drop all icmp packets on the floor, so ping & friends will no
> longer work.
>
> It's not an elegant solution, and there are cases where pings are good
> things, so use my advice at your own risk. :)
>

!!! Fell-Swoop ICMP-Disabling considered harmful !!!
(to app protocols and other friendlies)

Quoting from Ziegler's _Linux Firewalls_, 2nd ed, p171:
------------------------------------------------------
Error Status and Control Messages

Four ICMP control and status messages need to pass through a firewall:
Source Quench, Parameter Problem, incoming Destination Unreachable, and
outgoing Destination Unreachable of subtype Fragmentation Needed. Four
other ICMP message types are optional: Echo Request, Echo Reply, other
outgoing Destination Unreachable subtypes, and Time Exceeded. Other
message types can be ignored, to be filtered out by the default policy.
-----------------------------------------------------------------------

..jim

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
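
Added example (not part of the original post, and not code from Ziegler's book): the blanket rule from the quoted advice next to a selective INPUT ruleset that drops only ping, with a small first-match check showing what each does to the inbound ICMP types the quote says must pass. Both rulesets and the helper names (`blanket_rules`, `selective_rules`, `icmp_verdict`, `report`) are constructed for illustration. Only the INPUT chain is modelled, so the outgoing Fragmentation Needed case is not covered.

```shell
#!/bin/sh
# Added example. Both rulesets are constructed samples in the
# /etc/sysconfig/iptables (iptables-save) format used in the thread.

# A: the blanket drop from the quoted advice.
blanket_rules() {
cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j DROP
EOF
}

# B: drop only ping; accept the inbound types the Ziegler quote lists as required.
selective_rules() {
cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -j DROP
-A RH-Firewall-1-INPUT -p icmp --icmp-type source-quench -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j DROP
EOF
}

# icmp_verdict TYPE: rules on stdin; prints the target of the first "-p icmp"
# rule matching TYPE. A rule without --icmp-type matches every type.
# Simplification: other matchers (-s, -i, state) are ignored and type names
# are compared literally.
icmp_verdict() {
    awk -v want="$1" '
        /^-A / && / -p icmp / {
            ty = ""; tgt = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--icmp-type") ty = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (ty == "" || ty == want) { print tgt; found = 1; exit }
        }
        END { if (!found) print "NO-MATCH" }
    '
}

# report RULESET_FUNCTION: one "type=verdict" line per ICMP type of interest.
report() {
    for t in source-quench parameter-problem destination-unreachable echo-request; do
        printf '%s=%s\n' "$t" "$("$1" | icmp_verdict "$t")"
    done
}

echo "blanket:";   report blanket_rules
echo "selective:"; report selective_rules
```

In ruleset B, echo-reply and time-exceeded, which the quote lists as optional, fall through to the final DROP; add ACCEPT lines for them above it if outbound ping and traceroute should keep working.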
