[lug] making ping not respond

qqq1one @yahoo.com qqq1one at yahoo.com
Sat Feb 9 13:32:58 MST 2002


Thanks.

--- Hugh Brown <hugh at vecna.com> wrote:
> Borrowing from Robert Ziegler's ipchains firewall generator, this should
> do the trick.  This should deny everything but outgoing http requests.
> 
> For more info, go to
> http://www.linux-firewall-tools.com/linux/firewall/index.html
> 
> Hugh
> 
> 
> 
> IPADDR="xxx.xxx.xxx.xxx"                  # your IP address
> EXTERNAL_INTERFACE="eth0"
> UNPRIVPORTS="1024:65535"
> 
>     # Set the default policy of the filter to deny.
>     ipchains -P input  DENY
>     ipchains -P output REJECT
>     ipchains -P forward DENY
> 
> 
> 
>     # HTTP client (80)
>     # ----------------
>     ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
>              -s $IPADDR $UNPRIVPORTS \
>              --destination-port 80 -j ACCEPT
> 
>     ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
>              --source-port 80 \
>              -d $IPADDR $UNPRIVPORTS -j ACCEPT
> 
> 
> 
> On Sat, 2002-02-09 at 15:13, qqq1one @yahoo.com wrote:
> > I was accepting icmp packets.  That must have been it.
> > 
> > Anyway, if I have a standalone box and I want it to be invisible to the
> > internet, but still be able to browse the web, should I just deny
> > everything, and only accept tcp and udp?
> > 
> > 
> > --- Richard Fifarek <rfifarek at silug.org> wrote:
> > > Simple example:
> > > 
> > > ipchains -A input -p icmp -j DENY
> > > ipchains -A input -p igmp -j DENY
> > > 
> > > To test, start a ping from a remote machine, apply the rules and see
> > > if the ping stops.
> > > 
> > > On Sat, 9 Feb 2002, qqq1one @yahoo.com wrote:
> > > 
> > > > I thought my ipchains ruleset was set up to make my box not respond
> > > > to external pings, but it does anyway.
> > > > 
> > > > I'm still trying to figure out how this is done.  Am I totally
> > > > confused, or can ipchains do this?  TIA.
> > > > 
> > > > __________________________________________________
> > > > Do You Yahoo!?
> > > > Send FREE Valentine eCards with Yahoo! Greetings!
> > > > http://greetings.yahoo.com
> > > > _______________________________________________
> > > > Web Page:  http://lug.boulder.co.us
> > > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > > 
> > > 
> > > -----------------------------------------------------
> > > Richard H. Fifarek    rfifarek at silug.org
> > > -----------------------------------------------------
> > > 
> -- 
> ------------------------------------
> System Administrator/Unix Consultant
> hugh at vecna.com
> Vecna Technologies, Inc
> 6525 Belcrest Rd, Suite 612
> Hyattsville MD, 20782
> 301.864.7253
> http://www.vecna.com
> ------------------------------------
> Linux Professional Institute Certified - Level 1
> Sair Linux and GNU Certified Administrator
> AIX Certified Specialist - System Support
> ------------------------------------
> 




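The sketch below is an added example, not part of the original thread and not ipchains itself: a toy first-match evaluator for the ruleset quoted above, showing why a ping falls through to the DENY policy and what `! -y` changes for inbound packets. It assumes every packet is on the external interface and uses the box's own address; the rule-table format, the function names and the sample packets are constructed for illustration.

```shell
# Toy first-match model of the quoted ruleset (added example, not ipchains).
# Assumption: the -i, -s and -d address matches are taken as satisfied.

# One rule per line, in the order the thread's script appends them.
# flags "!syn" models "! -y": match only packets that are not a bare SYN.
RULES='
# chain proto flags sport      dport      target
output  tcp   any   1024:65535 80         ACCEPT
input   tcp   !syn  80         1024:65535 ACCEPT
'

# Default policies from the script's "ipchains -P" lines.
policy() {
    case $1 in
        input|forward) echo DENY ;;
        output)        echo REJECT ;;
    esac
}

# port_match PORT SPEC: SPEC is a single port or LOW:HIGH.
port_match() {
    case $2 in
        *:*) [ "$1" -ge "${2%%:*}" ] && [ "$1" -le "${2##*:}" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# verdict CHAIN PROTO FLAGS SPORT DPORT (FLAGS: "syn" = bare SYN, "est" = other)
# Prints the target of the first matching rule, else the chain policy.
verdict() {
    while read -r chain proto flags sport dport target; do
        case $chain in ''|'#'*) continue ;; esac
        if [ "$chain" != "$1" ] || [ "$proto" != "$2" ]; then continue; fi
        if [ "$flags" = '!syn' ] && [ "$3" = syn ]; then continue; fi
        if port_match "$4" "$sport" && port_match "$5" "$dport"; then
            echo "$target"; return 0
        fi
    done <<EOF
$RULES
EOF
    policy "$1"
}

# Constructed sample packets (ports 0 0 stand in for portless ICMP).
echo "inbound ping (icmp)      : $(verdict input  icmp est 0 0)"
echo "outbound SYN to port 80  : $(verdict output tcp  syn 40000 80)"
echo "reply from port 80       : $(verdict input  tcp  est 80 40000)"
echo "inbound SYN from port 80 : $(verdict input  tcp  syn 80 6000)"
```
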
