Hi guys, please help to give some insight on how to block ICMP or ping requests on a web server? Thanks.


In addition to the information Salem requested, here is one way to go about it:

IANA Numeric ICMP Types:
http://www.iana.org/assignments/icmp-parameters

iptables block on type:

${IPTABLES} -A INPUT -p icmp --icmp-type 8 -j DROP

DO NOT join the rest of the world and block all ICMP traffic.

iptables man page:

TCPMSS
This target allows to alter the MSS value of TCP SYN packets, to control the maximum size for that connection (usually limiting it to your outgoing interface's MTU minus 40). Of course, it can only be used in conjunction with -p tcp. It is only valid in the mangle table.
This target is used to overcome criminally braindead ISPs or servers which block ICMP Fragmentation Needed packets. The symptoms of this problem are that everything works fine from your Linux firewall/router, but machines behind it can never exchange large packets:
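
An added example, not part of the original posts and not code from the iptables project: a shell function that reads rules in `iptables -S INPUT` format and reports the first-match verdict for a given ICMP type and code, so a rule set can be checked for dropping echo requests (type 8) without also dropping Fragmentation Needed (type 3, code 4). The name `icmp_verdict`, the two constructed rule sets, and the simplification that rules with other matches are skipped are assumptions of this example.

```shell
#!/bin/sh
# Added example: first-match verdict for an inbound ICMP packet, given rules
# in `iptables -S INPUT` format on stdin (numeric --icmp-type, as -S prints).
# Assumption/simplification: rules carrying other matches (-s, -i, -m state,
# ...) and jumps to user chains are skipped rather than evaluated.

icmp_verdict() {    # usage: icmp_verdict TYPE CODE < rules
    awk -v t="$1" -v c="$2" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = "all"; want = "any"; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(++i)
                else if ($i == "-m" && $(i + 1) == "icmp") i++
                else if ($i == "--icmp-type") want = $(++i)
                else if ($i == "--reject-with") i++
                else if ($i == "-j") target = $(++i)
                else other = 1
            }
            if (other || (proto != "icmp" && proto != "all")) next
            if (want != "any" && want != t && want != (t "/" c)) next
            # LOG and similar targets do not end traversal; these three do.
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
                verdict = target; exit
            }
        }
        END { print (verdict != "" ? verdict : (policy != "" ? policy : "ACCEPT")) }
    '
}

# Constructed rule sets (not taken from any real host).
BLANKET='-P INPUT ACCEPT
-A INPUT -p icmp -j DROP'
NARROW='-P INPUT ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP'

for name in BLANKET NARROW; do
    eval "rules=\$$name"
    echo "$name: echo-request (8/0) -> $(printf '%s\n' "$rules" | icmp_verdict 8 0)"
    echo "$name: frag-needed  (3/4) -> $(printf '%s\n' "$rules" | icmp_verdict 3 4)"
done
```

On a live host the same check is `iptables -S INPUT | icmp_verdict 3 4`; a `DROP` result there means path MTU discovery toward that machine can fail in the way the man page excerpt describes.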
