hi guys, please help to give some insight on how to block ICMP or ping request in a web server? thanks..
cguan_77
8
Nearly a Posting Virtuoso
Recommended Answers
Jump to PostWhich OS?
Which webserver?
Which firewall?
You know, basic information about your setup.
All 3 Replies
Salem
5,138
Posting Sage
Which OS?
Which webserver?
Which firewall?
You know, basic information about your setup.
sknake
1,622
Senior Poster
Featured Poster
In addition to the information Salem requested here is one way to go about it:
IANA Numeric ICMP Types:
http://www.iana.org/assignments/icmp-parameters
iptables block on type:
${IPTABLES} -A INPUT -p icmp --icmp-type 8 -j DROPDO NOT join the rest of the world and block all ICMP traffic.
iptables man page:
TCPMSS
This target allows to alter the MSS value of TCP SYN packets, to control the maximum size for that connection (usually limiting it to your outgoing interface's MTU minus 40). Of course, it can only be used in conjunction
with -p tcp. It is only valid in the mangle table.
This target is used to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets. The symptoms of this problem are that everything works fine from your Linux firewall/router, but machines
behind it can never exchange large packets:
cguan_77
8
Nearly a Posting Virtuoso
thanks..for the replies.. :)
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.