```
speng@spengpc ~ $ sudo iptables -L
Password:
Chain INPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp address-mask-reply
DROP icmp -- anywhere anywhere icmp address-mask-request
DROP icmp -- anywhere anywhere icmp router-solicitation
DROP icmp -- anywhere anywhere icmp router-advertisement
DROP icmp -- anywhere anywhere icmp redirect
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
interfaces all -- anywhere anywhere
open all -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:1337
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP all -f anywhere anywhere
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP icmp -- anywhere anywhere icmp echo-request
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:1337
Chain interfaces (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain open (1 references)
target prot opt source destination
```
I followed the wiki and I could still be pinged from the interwebs, then I copied and slightly modified the script in the wiki and I can still be pinged.
What am I doing wrong? I want to block all ping requests from outside my network.
Last edited by speng (2009-11-02 21:18:25)
speng wrote: What am I doing wrong? I want to block all ping requests from outside my network.
The ACCEPT here comes before your DROP echo-request below.
```
DROP icmp -- anywhere anywhere icmp address-mask-reply
DROP icmp -- anywhere anywhere icmp address-mask-request
DROP icmp -- anywhere anywhere icmp router-solicitation
DROP icmp -- anywhere anywhere icmp router-advertisement
DROP icmp -- anywhere anywhere icmp redirect
ACCEPT icmp -- anywhere anywhere
```
Move this to come before the ACCEPT icmp above...
```
DROP icmp -- anywhere anywhere icmp echo-request
```
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
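An added illustration of the ordering point in the reply above (not code from the thread or from iptables): it walks the ICMP rules of the posted INPUT chain the way the kernel does, top to bottom with the first terminating match deciding. The function names are made up for this example, and it assumes a new, unfragmented ICMP packet.

```python
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# ICMP-related rules of the INPUT chain from the first post, in posted order.
BEFORE = """\
DROP icmp -- anywhere anywhere icmp address-mask-reply
DROP icmp -- anywhere anywhere icmp address-mask-request
DROP icmp -- anywhere anywhere icmp router-solicitation
DROP icmp -- anywhere anywhere icmp router-advertisement
DROP icmp -- anywhere anywhere icmp redirect
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP icmp -- anywhere anywhere icmp echo-request"""
_l = BEFORE.splitlines()
# Same rules with the echo-request DROP moved above the blanket ACCEPT icmp.
AFTER = "\n".join(_l[:5] + _l[-1:] + _l[5:-1])

def parse(listing):
    """Turn listing lines into rules, skipping chain and column headers."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] not in ("Chain", "target"):
            rules.append({"target": f[0], "prot": f[1], "opt": f[2], "extra": f[5:]})
    return rules

def matches(rule, icmp_type):
    """True if the rule matches a new, unfragmented ICMP packet of icmp_type."""
    if rule["prot"] not in ("icmp", "all") or rule["opt"] == "-f":
        return False
    extra = rule["extra"]
    if extra[:1] == ["icmp"]:
        return extra[1] == icmp_type  # rule names one specific ICMP type
    return not extra  # state RELATED,ESTABLISHED etc. do not match a NEW packet

def verdict(listing, icmp_type="echo-request"):
    """(rule number, target) of the first terminating rule that matches."""
    for n, rule in enumerate(parse(listing), start=1):
        if rule["target"] in TERMINAL and matches(rule, icmp_type):
            return n, rule["target"]
    return None, "chain policy"

def shadowed(listing, icmp_type="echo-request"):
    """Numbers of matching rules that sit after the deciding rule."""
    first, _ = verdict(listing, icmp_type)
    return [n for n, r in enumerate(parse(listing), 1)
            if first and n > first and matches(r, icmp_type)]

if __name__ == "__main__":
    print(verdict(BEFORE), shadowed(BEFORE), verdict(AFTER), shadowed(AFTER))
```

On a live system, `iptables -L INPUT -n -v --line-numbers` shows rule positions and per-rule packet counters, which confirms which rule is actually being hit.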
Thanks for posting fukawi2,
```
speng@spengpc ~ $ sudo iptables -L
Password:
Chain INPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp address-mask-reply
DROP icmp -- anywhere anywhere icmp address-mask-request
DROP icmp -- anywhere anywhere icmp router-solicitation
DROP icmp -- anywhere anywhere icmp router-advertisement
DROP icmp -- anywhere anywhere icmp redirect
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
interfaces all -- anywhere anywhere
open all -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:1337
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP all -f anywhere anywhere
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:1337
Chain interfaces (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain open (1 references)
target prot opt source destination
```
New iptables, same problem, I can be pinged from outside my network.
What address are you pinging? And what is the output of `ip a s`?
I'm getting other people to ping me, that's what I want to block.
```
speng@spengpc ~ $ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:1c:10:60:ab:fa brd ff:ff:ff:ff:ff:ff
inet 192.168.1.101/24 brd 192.168.1.255 scope global wlan0
```
Thanks for posting!
speng wrote: I'm getting other people to ping me, that's what I want to block.
You didn't answer my question
What address are you pinging?
Maybe you want to try something like firestarter
aur/firestarter 1.0.3-8 (73)
GUI fron-end for iptables
speng wrote: I'm getting other people to ping me, that's what I want to block.
You didn't answer my question
What address are you pinging?
78.33.200.65
And I don't really want to use firestarter, I want to do it in iptables. I've been checking guides as well, I'm pretty sure I'm doing it right.
I was able to block myself sending ping requests but I can't seem to be able to block incoming requests.
OK, there's your problem...
The output from `ip a s` above shows that the IP address of *your computer* is 192.168.1.101. The 78.33.200.65 address you are pinging is assigned to your modem/router, so it is what is responding to the pings -- they never reach your computer. If you try pinging the 192.168.1.101 address from another computer on your local network, then the pings will be dropped. To appear 'invisible' to the internet, you'll need to configure your modem to drop ICMP echo-requests.
fukawi2 wrote: OK, there's your problem...
The output from `ip a s` above shows that the IP address of *your computer* is 192.168.1.101. The 78.33.200.65 address you are pinging is assigned to your modem/router, so it is what is responding to the pings -- they never reach your computer. If you try pinging the 192.168.1.101 address from another computer on your local network, then the pings will be dropped. To appear 'invisible' to the internet, you'll need to configure your modem to drop ICMP echo-requests.
Perfect answer, thanks.
Pretty stupid of me though, I should know these things.
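The diagnosis that resolved this thread, as an added example (not code posted by anyone in the thread): before debugging firewall rules, check whether the address being pinged is assigned to the host at all. It parses the `ip a s` output posted earlier; the function names and return labels are made up for this example.

```python
import ipaddress
import re

# `ip a s` output as posted in the thread.
IP_A_S = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:1c:10:60:ab:fa brd ff:ff:ff:ff:ff:ff
inet 192.168.1.101/24 brd 192.168.1.255 scope global wlan0
"""

def local_addresses(ip_output):
    """Map each IPv4 address assigned to this host to its interface name."""
    addrs, iface = {}, None
    for line in ip_output.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)   # "2: wlan0: <...>"
        if head:
            iface = head.group(1)
        inet = re.match(r"\s*inet\s+(\d+\.\d+\.\d+\.\d+)/\d+", line)
        if inet:
            addrs[ipaddress.ip_address(inet.group(1))] = iface
    return addrs

def who_answers(target, ip_output):
    """Classify which device receives a ping sent to target."""
    target = ipaddress.ip_address(target)
    addrs = local_addresses(ip_output)
    if target in addrs:
        return "local"          # this host's INPUT chain decides
    if not target.is_private and all(a.is_private for a in addrs):
        return "upstream-nat"   # public address lives on the modem/router
    return "other"              # some other device owns the address

if __name__ == "__main__":
    for addr in ("78.33.200.65", "192.168.1.101"):
        print(addr, "->", who_answers(addr, IP_A_S))
```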