[lug] making ping not respond
Hugh Brown
hugh at vecna.com
Sat Feb 9 13:21:36 MST 2002
Borrowing from Robert Ziegler's ipchains firewall generator, this should
do the trick. This should deny everything but outgoing http requests.
For more info, go to
http://www.linux-firewall-tools.com/linux/firewall/index.html
Hugh
IPADDR="xxx.xxx.xxx.xxx"      # your IP address
EXTERNAL_INTERFACE="eth0"
UNPRIVPORTS="1024:65535"

# Set the default policy of the filter to deny.
ipchains -P input DENY
ipchains -P output REJECT
ipchains -P forward DENY

# HTTP client (80)
# ----------------
# Outgoing requests from an unprivileged local port to remote port 80.
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
    -s $IPADDR $UNPRIVPORTS \
    --destination-port 80 -j ACCEPT

# Replies from remote port 80; "! -y" excludes packets that try to
# open a new connection (SYN set, ACK clear).
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
    --source-port 80 \
    -d $IPADDR $UNPRIVPORTS -j ACCEPT
On Sat, 2002-02-09 at 15:13, qqq1one @yahoo.com wrote:
> I was accepting icmp packets. That must have been it.
>
> Anyway, if I have a standalone box and I want it to be invisible to the
> internet, but still be able to browse the web, should I just deny
> everything, and only accept tcp and udp?
>
>
> --- Richard Fifarek <rfifarek at silug.org> wrote:
> > Simple example:
> >
> > ipchains -A input -p icmp -j DENY
> > ipchains -A input -p igmp -j DENY
> >
> > To test, start a ping from a remote machine, apply the rules and see if
> > the ping stops.
> >
> > On Sat, 9 Feb 2002, qqq1one @yahoo.com wrote:
> >
> > > I thought my ipchains ruleset was set up to make my box not respond
> > > to external pings, but it does anyway.
> > >
> > > I'm still trying to figure out how this is done. Am I totally
> > > confused, or can ipchains do this? TIA.
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Send FREE Valentine eCards with Yahoo! Greetings!
> > > http://greetings.yahoo.com
> > > _______________________________________________
> > > Web Page: http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > >
> >
> > -----------------------------------------------------
> > Richard H. Fifarek rfifarek at silug.org
> > -----------------------------------------------------
--
------------------------------------
System Administrator/Unix Consultant
hugh at vecna.com
Vecna Technologies, Inc
6525 Belcrest Rd, Suite 612
Hyattsville MD, 20782
301.864.7253
http://www.vecna.com
------------------------------------
Linux Professional Institute Certified - Level 1
Sair Linux and GNU Certified Administrator
AIX Certified Specialist - System Support
------------------------------------
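
Added example (not part of the original message or of Robert Ziegler's generator): a small Python model of ipchains first-match evaluation, run over constructed packets against the rules in the message above. The addresses 192.0.2.10 and 203.0.113.5 and all sample packets are assumptions; interface matching is left out because every sample packet is taken to be on eth0.

```python
# Added illustration of the ruleset above; all addresses and packets are
# constructed sample values (assumptions), not taken from the message.
IPADDR = "192.0.2.10"      # stands in for the xxx.xxx.xxx.xxx placeholder
PEER = "203.0.113.5"       # constructed remote host
UNPRIV = (1024, 65535)     # UNPRIVPORTS
POLICY = {"input": "DENY", "output": "REJECT", "forward": "DENY"}
# One entry per "ipchains -A" line; -i eth0 is omitted (see lead-in).
RULES = [
    {"chain": "output", "proto": "tcp", "src": IPADDR, "sport": UNPRIV,
     "dport": (80, 80), "target": "ACCEPT"},
    {"chain": "input", "proto": "tcp", "dst": IPADDR, "sport": (80, 80),
     "dport": UNPRIV, "syn": False, "target": "ACCEPT"},  # "! -y"
]

def matches(rule, pkt):
    if rule["chain"] != pkt["chain"] or rule["proto"] != pkt["proto"]:
        return False
    for field in ("src", "dst"):
        if field in rule and rule[field] != pkt.get(field):
            return False
    for field in ("sport", "dport"):
        if field in rule:
            lo, hi = rule[field]
            if not lo <= pkt.get(field, -1) <= hi:
                return False
    # -y matches a connection-opening SYN; "! -y" matches everything else.
    return "syn" not in rule or rule["syn"] == pkt.get("syn", False)

def verdict(pkt):
    """First matching rule wins; otherwise the chain's default policy."""
    for rule in RULES:
        if matches(rule, pkt):
            return rule["target"]
    return POLICY[pkt["chain"]]

SAMPLES = {
    "echo request in": dict(chain="input", proto="icmp", src=PEER, dst=IPADDR),
    "http syn out": dict(chain="output", proto="tcp", src=IPADDR, dst=PEER,
                         sport=40000, dport=80, syn=True),
    "http reply in": dict(chain="input", proto="tcp", src=PEER, dst=IPADDR,
                          sport=80, dport=40000, syn=False),
    "syn in from port 80": dict(chain="input", proto="tcp", src=PEER,
                                dst=IPADDR, sport=80, dport=40000, syn=True),
    "dns query out": dict(chain="output", proto="udp", src=IPADDR, dst=PEER,
                          sport=40001, dport=53),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} -> {verdict(pkt)}")
```

The DNS sample falls through to the output policy and is rejected, since the rules shown permit only TCP to port 80.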