Mailinglist Archive: opensuse-security (670 mails)

Reply: Re: [suse-security] IPTables
  • From: BLeonhardt@xxxxxxxxxxx
  • Date: Tue, 27 Nov 2001 16:47:32 +0100
  • Message-id: <OF61D7216B.79A70FEF-ONC1256B11.005681C1@xxxxxxxxxxx>

OK, OK, I think I'll try it Bjoern Engels's way.


>
> # iptables takes one --icmp-type per rule, so loop over the types
> for t in destination-unreachable source-quench time-exceeded echo-reply \
>          parameter-problem; do
>     iptables -A INPUT -i eth0 -p icmp --icmp-type "$t" -j ACCEPT
> done
>


I think that is because of DNS, right?


OK ... I've mailed another question too ... how to log all incoming
connections on device ippp0 ??? and how to set a limit per second ???

Best regards
Bruno Leonhardt

CLP Domino R5 System Administrator
________________________________________________________________________________________________________

AnalyTek Systemhaus
Hospitalstr. 2a

D-65589 Hadamar

Tel.: 06433/81403-15
Fax : 06433/81403-40



From: Peter Wiersig <wiersig@glamus.de>
To: suse-security@xxxxxxxx
Cc:
Subject: Re: [suse-security] IPTables
Date: 27.11.01 16:24






On Tuesday, 27. November 2001 16:06 Bjoern Engels wrote:
> On Tuesday, 27. November 2001 15:55, Arthur H. Johnson II wrote:
>
> > Try "iptables -I INPUT -i eth0 -p icmp -j DROP".
>
> I wouldn't do that because ICMP is not evil, it helps your box if errors
> occur. Better try
>
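> # iptables takes one --icmp-type per rule, so loop over the types
> for t in destination-unreachable source-quench time-exceeded echo-reply \
>          parameter-problem; do
>     iptables -A INPUT -i eth0 -p icmp --icmp-type "$t" -j ACCEPT
> done
>
> # everything else ICMP is dropped (the iptables target is DROP)
> iptables -A INPUT -i eth0 -p icmp -j DROP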

or don't use iptables for an option which can be handled by the kernel
directly:
/proc/sys/net/ipv4/icmp_echo_ignore_all

e.g. put "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" in boot.local

Peter

--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
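
A check for the allow-then-drop ICMP policy discussed in this thread, as an added example that is not part of any poster's message: it reads `iptables-save` output and lists which of the five ICMP types named above are not accepted on INPUT before the first blanket ICMP drop, which catches the ordering mistake that mixing `-I` and `-A` can produce. The function name `missing_icmp_types` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads iptables-save output on stdin and
# prints each ICMP type from the thread's allow-list that INPUT does not accept
# before the first blanket "-p icmp -j DROP/REJECT" rule. Assumptions: -i is
# ignored; type/code rules ("3/4") are partial and do not count.
missing_icmp_types() {
    awk '
    BEGIN {
        # iptables-save prints numeric types, so map each name to its number
        list = "destination-unreachable=3 source-quench=4 time-exceeded=11"
        list = list " echo-reply=0 parameter-problem=12"
        n = split(list, pair, " ")
        for (i = 1; i <= n; i++) {
            split(pair[i], kv, "="); names[i] = kv[1]; num[kv[1]] = kv[2]
        }
    }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; type = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--icmp-type") type = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (proto != "icmp") next
        if (type in num) type = num[type]      # accept the name form too
        if (type == "" && target == "ACCEPT") { all = 1; exit }
        if (type == "" && (target == "DROP" || target == "REJECT")) exit
        if (target == "ACCEPT" && index(type, "/") == 0) seen[type] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if (!all && !(num[names[i]] in seen)) print names[i]
    }'
}

# Constructed sample: echo-reply is accepted only after the blanket drop.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i eth0 -p icmp -j DROP
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
COMMIT
EOF
}
sample_ruleset | missing_icmp_types
```

On a live host the same function can be fed with `iptables-save | missing_icmp_types`; empty output means all five types are accepted ahead of the drop.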




