Ruse, Kevin KPSI on Wed, 24 Sep 2003 09:22:18 -0400
Well, I'm confused by that question, as that would only limit ICMP. I'm thinking you may be slightly confused about IP networking. You have three commonly used protocols running across IP: ICMP, TCP, and UDP. ICMP is the Internet Control Message Protocol and was intended for use as an error control mechanism for IP. It is considered part of IP, not an application layer service running on top of it like a TCP (ssh) or UDP (dns) service. Pings are part of the ICMP protocol.

For those two commands below, the first tells the OS to ignore all ICMP packets with an ICMP type of 8 (echo request, i.e. ping); the second is a subset of that which tells it to ignore all ICMP packets with an ICMP type of 8 which were sent to the broadcast address.

Kevin Ruse
Kvaerner Philadelphia Shipyard

-----Original Message-----
From: Paul [mailto:emailme@dpagin.net]
Sent: Tuesday, September 23, 2003 7:08 PM
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] Firewall Check

Ruse, Kevin KPSI wrote:

>If you want to block pings, you can also do a
>
>echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
>echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
>
>

Very cool. I think, if anything, I would only limit ICMP. Hmm...how would I do that?

_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
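
The relationship between the two settings described in the message above, as an added example that is not part of the original thread: a small check that reads both values and reports which echo requests (ICMP type 8) the host will answer. The function names and the optional directory argument are assumptions of this example; the sample tree is constructed so the script runs without touching the live settings.

```shell
#!/bin/sh
# Added example: derive the effective ping policy from the two settings
# named in the thread. Pass a directory to inspect a copy instead of /proc.

read_flag() {
    # $1 = directory, $2 = setting name; prints 0, 1, or "unknown"
    f="$1/$2"
    if [ -r "$f" ]; then
        v=$(tr -d '[:space:]' < "$f")
        case "$v" in
            0|1) printf '%s\n' "$v" ;;
            *)   printf 'unknown\n' ;;
        esac
    else
        printf 'unknown\n'
    fi
}

icmp_echo_policy() {
    dir="${1:-/proc/sys/net/ipv4}"
    all=$(read_flag "$dir" icmp_echo_ignore_all)
    bcast=$(read_flag "$dir" icmp_echo_ignore_broadcasts)
    if [ "$all" = unknown ] || [ "$bcast" = unknown ]; then
        printf 'unicast=unknown broadcast=unknown\n'
        return 1
    fi
    if [ "$all" = 1 ]; then
        # ignore_all covers every echo request, broadcast included
        printf 'unicast=ignored broadcast=ignored\n'
    elif [ "$bcast" = 1 ]; then
        # only the broadcast subset is dropped; direct pings still get replies
        printf 'unicast=answered broadcast=ignored\n'
    else
        printf 'unicast=answered broadcast=answered\n'
    fi
}

# Constructed sample tree standing in for /proc/sys/net/ipv4
demo=$(mktemp -d)
echo 0 > "$demo/icmp_echo_ignore_all"
echo 1 > "$demo/icmp_echo_ignore_broadcasts"
icmp_echo_policy "$demo"
rm -rf "$demo"
```

Run `icmp_echo_policy` with no argument to inspect the live values under /proc/sys/net/ipv4.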