Under the man page for IPchains you will notice a -h icmp option. From
a terminal type ipchains -h icmp for a list of all icmp messages.
echo-reply and echo-request are the two messages you want to disable
with ipchains.
BTW, there is a howto that comes with IPchains. It explains (in a semi
cryptic manner) how to disable ping/pong.
Frank
On Mon, Jun 26, 2000 at 08:37:42AM -0500, Justin Ellison wrote:
> Use ipchains:
> /sbin/ipchains -A input -j DENY -i eth0 -p icmp -s 0.0.0.0/0 -d
0.0.0.0/0
> Note that this not only blocks people from pinging you, but it stops
you
> from pinging others.
It also blocks all forms of ICMP including ICMP UNREACHABLE and
will
break MTU discovery. Most of the time, all you will notice is that your
performance my be slightly degraded. Some (rare) applications and
connections
have been known to just flat out break, however. Use with caution.
With
netfilter, you can allow the WOULD FRAGMENT subtype to UNREACHABLE
through
while blocking everything else. This is what's recommended.
--
There is nothing wrong with
WINDOWS 2000
that Linux couldn't fix
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
