Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Ivan on June 22, 2002, 01:57:05 AM

Title: ping on external interface
Post by: Ivan on June 22, 2002, 01:57:05 AM
I have sme 5.1.2 with update, acting as a public gateway. Is there any way to stop ping on the external interface only? The private gateway setting is too strict for me - it will disable pings (and traceroute) both ways.

thanks in advance,
Ivan
Title: Re: ping on external interface
Post by: Damien Curtain on June 22, 2002, 05:09:43 AM
Ivan wrote:
>
> I have sme 5.1.2 with update, acting as a public gateway. Is
> there any way to stop ping on the external interface only?
> The private gateway setting is too strict for me - it will disable
> pings (and traceroute) both ways.

What you could do is reorder the outgoing and incoming icmp rules in /etc/rc.d/init.d/masq (using templates etc. etc....)

And the type you need to set to deny is echo-request, so

/sbin/ipchains --append icmpIn --proto icmp --icmp-type echo-request --jump ACCEPT

could become

/sbin/ipchains --append icmpIn --proto icmp --icmp-type echo-request --jump DENY

again in template fragments etc. etc.
--
 Damien
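
An added example, not part of the original thread or of SME Server: a shell check that reads a file of ipchains commands and reports which target an echo-request reaching the icmpIn chain would actually get, since ipchains stops at the first matching rule and rule order therefore decides the outcome. The function name and the sample rule files are constructed for illustration; it assumes long options and one command per line, as in the post above.

```shell
#!/bin/sh
# Added example. ipchains walks a chain in the order rules were appended and
# stops at the first match, so this reports the target an echo-request would
# get in icmpIn. Assumes long options, one command per line, as in the thread.

first_echo_target() {   # usage: first_echo_target FILE
    awk '
    /^[ \t]*#/ { next }                       # ignore commented-out rules
    /ipchains/ {
        chain = ""; proto = ""; type = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--append")    chain  = $(i + 1)
            if ($i == "--proto")     proto  = $(i + 1)
            if ($i == "--icmp-type") type   = $(i + 1)
            if ($i == "--jump")      target = $(i + 1)
        }
        if (chain != "icmpIn" || target == "") next
        if (proto != "" && proto != "icmp") next
        # A rule with no --icmp-type matches every ICMP type, ping included.
        if (type == "" || type == "echo-request") { print target; found = 1; exit }
    }
    END { if (!found) print "NONE" }
    ' "$1"
}

# Constructed input (not the real /etc/rc.d/init.d/masq): a DENY appended
# after the existing ACCEPT never fires.
demo=$(mktemp)
cat > "$demo" <<'EOF'
/sbin/ipchains --append icmpIn --proto icmp --icmp-type echo-request --jump ACCEPT
/sbin/ipchains --append icmpIn --proto icmp --icmp-type echo-request --jump DENY
EOF
echo "DENY appended after ACCEPT -> $(first_echo_target "$demo")"

# Constructed input: the ACCEPT line itself changed to DENY, as suggested.
cat > "$demo" <<'EOF'
/sbin/ipchains --append icmpIn --proto icmp --icmp-type echo-request --jump DENY
EOF
echo "ACCEPT line changed to DENY -> $(first_echo_target "$demo")"
rm -f "$demo"
```

Run it against a copy of the generated firewall script after expanding the templates to confirm the DENY rule is the one that takes effect.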