[lug] making ping not respond

Shannon Johnston nunar at nunar.com
Mon Feb 11 10:14:06 MST 2002


On a large portion of the servers I run, I disable ping entirely. It
hasn't caused problems for me at all.

In the /etc/sysctl.conf file, add:

net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_ehco_ignore_broadcasts = 1

Then restart networking.


Shannon






On Sun, 2002-02-10 at 09:31, Richard Fifarek wrote:
> On Sat, 9 Feb 2002, Timothy C. Klein wrote:
> 
> > Am I just confused, or isn't blocking all ICMP packets *way* too broad?  I
> > thought the firewall HOWTO mentioned that many ICMP packets are
> > absolutely essential, and your networking will function poorly if they
> > are all turned off?
> 
> 	Not absolutely essential, but certainly nice to have.  Here's the 
> URL describing why: 
> http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-5.html#ss5.2
> 
> 	This is where iptables is a neccessary upgrade because it allows 
> stateful filtering, as Dan Radom mentioned.
> 
> 	     -----------------------------------------------------
> 	     Richard H. Fifarek	       		rfifarek at silug.org
>              -----------------------------------------------------
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug




More information about the LUG mailing list