VectorLinux
Author Topic: HOWTO: Disabling pinging in the ufw firewall - UPDATE!  (Read 8480 times)
macondo
Member
*
Posts: 57


« on: July 10, 2012, 10:09:06 am »

http://www.shibuvarkala.com/2008/10/disable-ping-response-in-ubuntu-linux.html


Code:
# nano /etc/sysctl.conf

Start on line 30:
Code:
net/ipv4/icmp_echo_ignore_broadcasts=1

net/ipv4/icmp_echo_ignore_all=1

net/ipv4/icmp_ignore_bogus_error_responses=1

Check your system on www.grc.com (ShieldsUp); this is what I got:


"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."


PPS: I made a mistake copying the file address; it should read:

Code:
/etc/ufw/sysctl.conf
« Last Edit: July 29, 2012, 10:15:13 am by macondo » Logged

VL 7.0 Light - Barebones Install - Kernel 3.0.17
Debian Testing - Minimal Install - kernel 3.4.0-6.dmz.1-liquorix-686
Desktop: Atom Processor || 1 GB RAM || 500 GB HD
macondo
Member
*
Posts: 57


« Reply #1 on: July 12, 2012, 08:44:13 am »

I must apologize for the ambiguity of the title on this howto; as per pierce.jason, this could work with ufw being installed or not. My bad! Apologies.
Logged

VL 7.0 Light - Barebones Install - Kernel 3.0.17
Debian Testing - Minimal Install - kernel 3.4.0-6.dmz.1-liquorix-686
Desktop: Atom Processor || 1 GB RAM || 500 GB HD
Darin
Member
*
Posts: 35



« Reply #2 on: July 12, 2012, 06:45:01 pm »

Here is a .bz2 of files and instructions on how to do it quickly. I get the same results from shieldsup and have had this on my SuperGamer releases for the last 3 releases.
Logged
macondo
Member
*
Posts: 57


« Reply #3 on: July 29, 2012, 10:20:13 am »

Just found this on the internet, tried it, and it worked on Debian:
https://help.ubuntu.com/community/UFW

Code:
You need to edit /etc/ufw/before.rules and edit the following lines:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

Change the "ACCEPT" to "DROP":

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

IOW, change the last word from ACCEPT to DROP

Reboot, and then try ShieldsUp at www.grc.com

I got this review:
"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

PS: I forgot to mention it worked fine in VL7 Light
« Last Edit: July 30, 2012, 07:43:11 am by macondo » Logged

VL 7.0 Light - Barebones Install - Kernel 3.0.17
Debian Testing - Minimal Install - kernel 3.4.0-6.dmz.1-liquorix-686
Desktop: Atom Processor || 1 GB RAM || 500 GB HD
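
A file-level check for the two approaches in this thread (the sysctl keys from the first post and the before.rules edit from reply #3), as an added example that is not part of any post. The function names and the sample file contents are constructed for illustration; on a real system pass /etc/ufw/sysctl.conf and /etc/ufw/before.rules.

```shell
# Added example, not from the thread. Sample file contents at the bottom are
# constructed; real inputs are /etc/ufw/sysctl.conf and /etc/ufw/before.rules.
# Effective value of KEY ("unset" if absent); net/ipv4/x and net.ipv4.x both work.
sysctl_value() {  # usage: sysctl_value FILE KEY
    awk -v want="$2" '
        BEGIN { gsub(/\./, "/", want); val = "unset" }
        { sub(/#.*/, "") }                       # drop comments
        /=/ {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v); gsub(/\./, "/", k)
            if (k == want) val = v               # last assignment wins
        }
        END { print val }' "$1"
}

# One "icmp-type action" line per active ICMP rule in ufw-before-input. Every type
# is listed: destination-unreachable also carries "fragmentation needed" (Path MTU).
icmp_rules() {  # usage: icmp_rules RULES_FILE
    awk '
        /^[ \t]*#/ { next }
        $1 == "-A" && $2 == "ufw-before-input" {
            proto = type = action = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--icmp-type") type = $(i + 1)
                if ($i == "-j") action = $(i + 1)
            }
            if (proto == "icmp" && type != "") print type, action
        }' "$1"
}

# Ping is suppressed if either layer blocks it: the kernel setting, or the
# first echo-request rule (netfilter stops at the first terminating match).
ping_verdict() {  # usage: ping_verdict SYSCTL_FILE RULES_FILE
    [ "$(sysctl_value "$1" net/ipv4/icmp_echo_ignore_all)" = "1" ] && { echo "ignored (sysctl)"; return; }
    action=$(icmp_rules "$2" | awk '$1 == "echo-request" { print $2; exit }')
    case "$action" in
        DROP)   echo "dropped (before.rules)" ;;
        ACCEPT) echo "answered" ;;
        *)      echo "undecided (${action:-no rule})" ;;
    esac
}

# Constructed sample: ignore_all left commented out, only echo-request set to DROP.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'net/ipv4/icmp_echo_ignore_broadcasts=1' '#net/ipv4/icmp_echo_ignore_all=1' > "$demo/sysctl.conf"
r='-A ufw-before-input -p icmp --icmp-type'
printf '%s\n' '# ok icmp codes' "$r destination-unreachable -j ACCEPT" "$r echo-request -j DROP" > "$demo/before.rules"
ping_verdict "$demo/sysctl.conf" "$demo/before.rules"
```

These functions read the configuration files only; `sysctl -n net.ipv4.icmp_echo_ignore_all` shows the value the running kernel is using.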