27 Nov 2001 09:24
On Tuesday, 27. November 2001 16:06 Bjoern Engels wrote:
> On Tuesday, 27. November 2001 15:55, Arthur H. Johnson II wrote:
> > Try "iptables -I INPUT -i eth0 -p icmp -j DROP".
>
> I wouldn't do that because ICMP is not evil, it helps your box if errors occur. Better try
>
> for t in destination-unreachable source-quench time-exceeded echo-reply parameter-problem; do
>     iptables -A INPUT -i eth0 -p icmp --icmp-type "$t" -j ACCEPT
> done
> iptables -A INPUT -i eth0 -p icmp -j DROP

or don't use iptables for an option which can be handled by the kernel directly:

/proc/sys/net/ipv4/icmp_echo_ignore_all

e.g. put "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" in boot.local

Peter
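
Added example, not part of the original thread: a check for the rule order discussed above, which lists the ICMP error types that would still be discarded by a blanket ICMP rule because no earlier ACCEPT covers them. The helper name audit_icmp_rules, the sample rules and the `iptables -S INPUT` style input are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S INPUT` style rules
# on stdin and prints the ICMP types from the ACCEPT list above that would
# still hit a blanket ICMP DROP/REJECT rule or a DROP policy.
# Assumptions: types appear by name or number after --icmp-type; interface
# matches and negated (!) matches are not evaluated.

# name=number for the types the post keeps (numbers per RFC 792).
REQUIRED="destination-unreachable=3 source-quench=4 time-exceeded=11 echo-reply=0 parameter-problem=12"

audit_icmp_rules() {  # hypothetical helper name
    awk -v required="$REQUIRED" '
    BEGIN { n = split(required, pair, " ") }
    $1 == "-P" && $2 == "INPUT" { if ($3 == "DROP") blocked = 1; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = type = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--icmp-type") type = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "icmp") next
        if (target == "ACCEPT") {
            if (type == "") { blocked = 0; exit }   # all ICMP accepted
            ok[type] = 1                            # one type accepted
        } else if ((target == "DROP" || target == "REJECT") && type == "") {
            blocked = 1; exit                       # blanket rule reached
        }
    }
    END {
        if (!blocked) exit 0
        for (k = 1; k <= n; k++) {
            split(pair[k], nv, "=")
            if (!(nv[1] in ok) && !(nv[2] in ok)) missing = missing " " nv[1]
        }
        if (missing != "") { print substr(missing, 2); exit 1 }
    }'
}

# Constructed sample: only two of the five ACCEPT rules are in place before
# the blanket ICMP rule.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -i eth0 -p icmp -j DROP'

printf '%s\n' "$SAMPLE_RULES" | audit_icmp_rules || echo "(listed types reach the blanket rule)"
```

On a live host the input would come from `iptables -S INPUT`; a non-zero exit status means at least one of the listed types is not accepted before the blanket rule.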