On Sun, 10 Sep 2000, ktb wrote:
> From: http://www.linuxgazette.com/issue55/stoddard.html
>
> Before you save and close the /etc/rc.d/rc.local file, we want to keep
> the system from responding to ICMP requests, such as ping
> and traceroute, so we add the following lines right after the #!/bin/sh
> line:
>
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
> echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Well, there is no such animal on my system. Debian doesn't use an
rc.local file, does it?
However, looks like this is being done already:
[EMAIL PROTECTED] msoulier]$ ls /proc/sys/net/ipv4
conf ip_forward tcp_max_ka_probes
icmp_destunreach_rate ip_local_port_range
tcp_max_syn_backlog
icmp_echo_ignore_all ip_masq_debug
tcp_retrans_collapse
icmp_echo_ignore_broadcasts ip_masq_udp_dloose tcp_retries1
icmp_echoreply_rate ip_no_pmtu_disc tcp_retries2
icmp_ignore_bogus_error_responses ipfrag_high_thresh tcp_rfc1337
icmp_paramprob_rate ipfrag_low_thresh tcp_sack
icmp_timeexceed_rate ipfrag_time tcp_stdurg
igmp_max_memberships neigh tcp_syn_retries
ip_always_defrag route tcp_syncookies
ip_autoconfig tcp_fin_timeout tcp_timestamps
ip_default_ttl tcp_keepalive_probes
tcp_window_scaling
ip_dynaddr tcp_keepalive_time
They're there already. However, a ping localhost still works...
[EMAIL PROTECTED] msoulier]$ ping localhost
PING localhost.localdomain (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.1 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.1 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=255 time=0.1 ms
--- localhost.localdomain ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.1 ms
Is the loopback interface special, or should it not be responding
to these?
Mike
