How to configure firewall to not reply to pings?
Hi all
I installed linux firewall and, to test it, I used the grc site; it passed the stealth test but failed to block pings:
[quote]
Ping Reply: RECEIVED (FAILED)
- mayakovski
- Posts: 124
- Joined: Sun 20 Nov 2005, 00:42
- Location: Comox, BC, CANADA
gnomen wrote: From BarryK developer news: ShieldsUp! does report that my PC responds to pings, however this is not a security hazard -- in fact as explained on the Linux Firewall home site (www.projectfiles.com/firewall/), it is contrary to recommended standards to disable ping acknowledgement -- my ISP pings me, I think to check that I'm still there. But, the Linux Firewall docs state that if you are really paranoid, you can set "RFC_1122_COMPLIANT=no" in /etc/rc.d/rc.firewall to disable ping.
http://www.goosee.com/puppy/news2005.htm
So try setting "RFC_1122_COMPLIANT=no" in /etc/rc.d/rc.firewall
I am also new to Puppy 2 after years of Windozing. I also went to GRC.com and everything is fine except it responds to ping (ICMP). How do you turn this off? I clicked on the link provided above and it's dead. I would like to try the command "RFC_1122_COMPLIANT=no" in /etc/rc.d/rc.firewall but I don't really know where to type this. Is there a way to turn this ICMP off in Puppy 2?
Clockman
Hi Lobster
Yes, it's there, thank you. Well, there is a Puppy page there and a guy that mentions the "RFC_1122_COMPLIANT=no" in /etc/rc.d/rc.firewall somewhere on the page but that doesn't help me a bit.
Where do you type that "RFC_1122_COMPLIANT=no" in /etc/rc.d/rc.firewall? Or where is it? In Linux everything is different from Windows, so honestly I can't make head or tail of all this "RFC_1122_COMPLIANT" stuff.
That's one thing I noticed from the Linux users: they type a lot of information, but they don't explain anything, just as if to keep it for gurus like themselves, like for the "initiated only", or they think everybody understands what they're typing as if everyone is in their head. They're not that much inclined to help. At least in Windows, I could provide some help to others and get some when I needed it.
With the Fedora Forum it's the same attitude. I'll give it a few days and if I see that Linux is followed by people with a "know better than thou" attitude, I'll go back to the Microsoft products. Simple as that.
I have the dog in hostage. If you don't tell me how to setup this stuff, the puppy's gonna get it.
Clockman
Well, I'm not sure how this would be done in Linux, but you would need to block the rule called IP-IN..
That's how I achieved Full Stealth and passed the test on the GRC (Shields Up!) website.. Ha HA HA
That's awesome, Freakin awesome..!
Puppy is Awesome..!!!!
- BarryK
- Puppy Master
- Posts: 9392
- Joined: Mon 09 May 2005, 09:23
- Location: Perth, Western Australia
Clockman,
The reason no further explanation was given is that it is dead easy to do, even
for a Windows user.
After you have run the Firewall Wizard (in the Setup menu) and accepted the
defaults, you will have a file rc.firewall, located in directory /etc/rc.d/
Start Rox file manager (icon top-left of screen), navigate to /etc/rc.d, left
click on rc.firewall and choose to "Open in text editor"
Scroll down, or use the search tool, and you will find this line:
Code:
RFC_1122_COMPLIANT="yes"
I'll leave you to figure out the final steps.
You may have to reboot Puppy afterward for it to take effect.
(Though, it is possible to stop and restart the firewall without rebooting)
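The edit described in the post above, done from a terminal instead of Rox, as an added example that is not part of the thread or of the Linux Firewall project. It accepts only the values mentioned on this page, keeps a .bak copy for rollback, and the function names and the demo file are hypothetical.

```shell
#!/bin/sh
# Added example: set RFC_1122_COMPLIANT in a Linux Firewall rc.firewall file.
# Accepted values are the ones mentioned in this thread: yes, no, depends.

# Print the current value of RFC_1122_COMPLIANT (empty if the line is absent).
get_rfc1122() {
    sed -n 's/^[[:space:]]*RFC_1122_COMPLIANT="\{0,1\}\([A-Za-z]*\)"\{0,1\}.*/\1/p' "$1" | head -n 1
}

# set_rfc1122 FILE VALUE -> 0 on success, 1 on bad input, 2 if the setting is missing
set_rfc1122() {
    file=$1
    value=$2
    case "$value" in
        yes|no|depends) ;;
        *) echo "unsupported value: $value" >&2; return 1 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Refuse to guess if the script has no such setting (different firewall script).
    grep -q '^[[:space:]]*RFC_1122_COMPLIANT=' "$file" || {
        echo "RFC_1122_COMPLIANT not found in $file" >&2; return 2; }
    cp -p "$file" "$file.bak" || return 1    # copy to roll back to
    # Replace only the value on the assignment line; a trailing comment on that
    # line and comment lines that mention the name are left untouched.
    sed "s/^\([[:space:]]*RFC_1122_COMPLIANT=\)\"\{0,1\}[A-Za-z]*\"\{0,1\}/\1\"$value\"/" \
        "$file.bak" > "$file"
    # Succeed only if the file now really carries the requested value.
    [ "$(get_rfc1122 "$file")" = "$value" ]
}

# Demo on a constructed stand-in file (not the real rc.firewall contents).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' '# RFC_1122_COMPLIANT controls ping replies' \
        'RFC_1122_COMPLIANT="yes"   # default' > "$tmp/rc.firewall"
    set_rfc1122 "$tmp/rc.firewall" no && get_rfc1122 "$tmp/rc.firewall"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

On a real system, run `set_rfc1122 /etc/rc.d/rc.firewall no` as root, then reboot or restart the firewall as the post says.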
Making firewall not respond to ping
I am using Puppy 2.11
I too was getting a ping response from ShieldsUp at www.grc.com even though I had set up the firewall with the wizard and chose the default settings. Following the suggestions given by BarryK on this forum, I used Rox file manager to change the RFC_1122_COMPLIANT to "no". Now I get no ping response at ShieldsUp and all ports are stealthed.
One thing I really like about Puppy is that I can try making changes knowing that if I make a mistake and break the system I can always delete the pup_save.sfs file on my HD, and reload Puppy from the CD. Puppy gives me the freedom to experiment and learn about Linux.
Long live Puppy
http://lfw.sf.net/
The final version of the linux firewall (puppy has 2.0RC9) has RFC_1122_COMPLIANT="depends" and gives no response to pings.