ok ok, I think I'll try it by Bjoern Engels
iptables -A INPUT -i eth0 -p icmp --icmp-types \ destination-unreachable source-quench time-exceeded echo-reply \ parameter-problem -j ACCEPT
I think that is because DNS, right ?
OK ... I've mailed another question too ... how to log all incoming
connections on device ippp0 ??? and how to set a limit per second ???
Mit freundlichen Grüßen
Bruno Leonhardt
CLP Domino R5 Systemadministrator
________________________________________________________________________________________________________
AnalyTek Systemhaus
Hospitalstr. 2a
D-65589 Hadamar
Tel.: 06433/81403-15
Fax : 06433/81403-40
Peter Wiersig
On Tuesday, 27. November 2001 15:55, Arthur H. Johnson II wrote:
Try "iptables -I INPUT -i eth0 -p icmp -j DENY".
I wouldn't do that because ICMP is not evil, it helps your box if errors occur. Better try
iptables -A INPUT -i eth0 -p icmp --icmp-types \ destination-unreachable source-quench time-exceeded echo-reply \ parameter-problem -j ACCEPT
iptables -A INPUT -i eth0 -p icmp -j DENY
or don't use iptables for an option which can be handled by the kernel directly: /proc/sys/net/ipv4/icmp_echo_ignore_all e.g. put "cat 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" in boot.local Peter -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com