On Fri, 20 Sep 2002, Nikolai wrote: > I have setup the following rules for my ipchains: > > :input ACCEPT > :forward DENY > :output ACCEPT > > -A input -j DENY -p all -l -s 127.0.0.0/8 -i eth0 -d 0.0.0.0/0 > -A input -i eth0 -s 0/0 -d 0/0 -p tcp -y -j DENY -l
As you may see, the protocol you have DENY is "-p tcp" (at the second line). You may add fully identical row at the end except proto=ICMP, like this: -A input -i eth0 -s 0/0 -d 0/0 -p ICMP -j DENY -l or: -A input -i eth0 -s 0/0 -d 0/0 8 -p ICMP -j DENY -l Good luck! > > I did an online-based scan at scan.sygate.com and everything appears to > be 'blocked' except ICMP service on port 8. > > Can someone please help me with how to close this hole as well? > > Some background: > my kernel is 2.4.18 (with Mandrake 8.2) > I'm new to Linux/GNU in general and security in particular. > > Thanks > Nikolai --
