JaguarPC Community - Web Hosting, VPS Hosting, cPanel VPS Hosting, Hybrid Servers, Dedicated Servers, Virtual Private Servers, Managed Servers
How can I block every PING / ICMP traffic?
#1
Giv me the number for 911
Join Date: Feb 2007
Posts: 119
How can I block every PING / ICMP traffic?
Hello,
I have a dedicated server with CentOS.
1 - I want to block every PING / ICMP, how can I do it?
2 - If possible, I also want not to send the instruction to kill the connection (SYN SENT, I guess it is called that); if anyone uses a port scanner, the thread stays connected a lot of time to make a connection timeout, because it is waiting for the response and it is never sent.
Regards,
#2
I am the one and only
Join Date: Nov 2005
Location: It varies
Posts: 425
After doing a small amount of searching on Google, blocking ping / ICMP requests can be done by issuing the following commands to IP Tables:
iptables -A INPUT -p icmp --icmp-type 8 -s SourceIPAddress -j DROP
or by doing
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
__________________
Rob
#3
Giv me the number for 911
Join Date: Feb 2007
Posts: 119
And is modifying IPTABLES persistent?
For example, if there is a machine restart, are the settings maintained? The other command I did not understand. (I am very "noob" at Linux... so any help is welcome on this)
#4
Pointy Stick Expert
Join Date: Nov 2002
Posts: 143
Quote:
To help with this, iptables-save will dump the current rules; iptables-restore does what it sounds like.
#5
Giv me the number for 911
Join Date: Feb 2007
Posts: 119
Thanks for the help from all.
I was able to Google and do it from there... I was missing "service iptables restart" to load settings.
Anyway I have found a great tutorial here, point 4:
http://wiki.slicehost.com/doku.php?i...y_and_ django
=====================
4. Configure firewall (iptables)
Install iptables:
sudo yum -y install iptables
Edit iptables config file:
sudo vi /etc/sysconfig/iptables
Paste these settings:
# By default drop all incoming and forwarded traffic
# Allow all outgoing traffic
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Allow returning packets
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow incoming traffic on ports 80 and 443 for web server
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allow local traffic
-A INPUT -i lo -j ACCEPT
# Allow ping
-A INPUT -p icmp --icmp-type ping -j ACCEPT
# Allow incoming SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
Save the file ( ZZ )
Change permissions on the iptables config file so only root can read it:
sudo chmod go-r /etc/sysconfig/iptables
Restart iptables service:
sudo service iptables restart
=====================================
I had left iptables file as is, and pasted before COMMIT, with DROP instead of ACCEPT on PING :
«««««««««««««««««««««««««««««
# Allow returning packets
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow incoming traffic on ports 80 and 443 for web server
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allow local traffic
-A INPUT -i lo -j ACCEPT
# Disable ping
-A INPUT -p icmp --icmp-type ping -j DROP
# Allow incoming SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
service iptables restart
Up and running... no ping for anyone!
Regards,
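Added example, not from any post in this thread: iptables applies the first matching rule, so when DROP lines are pasted into an existing file (as in post #5), an ICMP ACCEPT earlier in that file would still let ping through. The sketch below reads an iptables-save style ruleset and prints what happens to a new echo request; `ping_verdict` and `sample_rules` are hypothetical names, and the sample ruleset is constructed from the one quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Simplifications, all assumptions:
# only the filter table's INPUT chain is read, jumps to user-defined chains
# are not followed, and a rule with any condition other than
# "-p icmp [--icmp-type T]" is treated as not matching a stranger's ping.

# ping_verdict [FILE]: print the verdict for a new inbound echo request.
# Reads iptables-save format from FILE, or from stdin when FILE is omitted.
ping_verdict() {
    awk '
    /^\*/          { in_filter = ($1 == "*filter") }
    !in_filter     { next }
    $1 == ":INPUT" { policy = $2; next }
    $1 != "-A" || $2 != "INPUT" || verdict != "" { next }
    {
        target = ""; applies = 1
        for (i = 3; i <= NF; i++) {
            if      ($i == "-j")            { target = $(i + 1); i++ }
            else if ($i == "--reject-with") { i++ }
            else if ($i == "-p")            { if ($(i + 1) != "icmp") applies = 0; i++ }
            else if ($i == "-m" && $(i + 1) == "icmp") { i++ }
            else if ($i == "--icmp-type")   {
                t = $(i + 1); i++
                if (t != "ping" && t != "echo-request" && t != "8" && t != "any") applies = 0
            }
            else applies = 0    # -s, -i, -m state, --dport ...: too specific
        }
        # First matching terminating rule wins, as in the kernel.
        if (applies && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }
    ' "${1:--}"
}

# Constructed sample modeled on the ruleset in the post; $1 is the ping target.
sample_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type ping -j $1
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_rules DROP | ping_verdict
```

On a live server the same check can be fed from `iptables-save | ping_verdict` (as root), keeping the listed simplifications in mind.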