SUSE / Novell :: Write IPTABLES Script To Block The ICMP Ping?
Mar 13, 2010
I was trying to write IPTABLES script to block the ICMP ping using the below mentioned command in OpenSUSE 11.2 Doing this in VMware.....
iptables -A OUTPUT -o eth0 -p icmp -j DROP
& then I tried to ping the different computer & it didnt allow me to ping.
Then I deleted using the command -
iptables -D OUTPUT -o eth0 -p icmp -j DROP
then I couldnt ping also. Another thing I found is my firefox is not connecting to the internet as well, but before writing the script, I can connect to internet.
I did a "dhclient" & iptables -F....
View 6 Replies
ADVERTISEMENT
May 21, 2011
I am setting up a virtual server. Ubuntu 11.04, "minimal provider image".UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an Iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified to to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
View 1 Replies
View Related
Jan 30, 2009
i am using SUSE 11.0 KDE 4.0 i had root account installed in 8.0 Gb drive, and a normal account installed in 4.0 Gb drive .And i was using rest of space for windows (NTFS). Now i want to use a drive (NTFS) to linux for additional requirements. i want get write permissions to that drive .. am i able to get ??r else ..i need to format with EXT3?
View 3 Replies
View Related
Jul 22, 2009
Im just trying to write some script to caputre memory and cpu usage on SLES servers, I just wanna use "top |grep Mem" and "top |grep Cpu". when I ran the above command, it just keep going. i just want to get one line each for memory and cpu.
View 3 Replies
View Related
Jan 12, 2010
I have One Server which is having IP 10.176.0.155. I want that client 10.176.0.135 is not able to ping this server only & cane it is possible to block through hosts.
View 1 Replies
View Related
Dec 9, 2010
I need to allow ICMP ping for one host only. I found out how to enable it to all hosts (ICMP Filtering, check ping) but I would like to reduce the scope to one host. I know I can add rules in the user_post script but I can't find the correct iptables command ...
View 4 Replies
View Related
Nov 12, 2009
I want to block the icmp packets(ping) from the other computer to my RHEL-4 what's the syntax I should use to do so in IPTABLES.
View 2 Replies
View Related
Nov 13, 2010
I tried to ping some of the pcs on the local network but for those with icmp disabled it doesn't work. I've used
Code:
nmap -sP 192.168.2.0/24
View 3 Replies
View Related
Jan 8, 2011
Installed Ubuntu Server 10.10, included Apache, PHP, and OpenSSH. Apache is up and serving pages, I can connect using PuTTY no problem. Server responds to a pingHowever, attempting to use ping or traceroute from the server results in a Destination Unreachable. Happens even for other 192.168.1.10x boxes on the local network
View 1 Replies
View Related
Sep 28, 2010
When I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to setup nagios to run on this Ubuntu configuration and nagios is reporting the following error:
"PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms.
FPing reports duplicates as well. Is there a setting in the Arp table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
View 2 Replies
View Related
Apr 20, 2011
I have a dedicated host on my lan to monitor other hosts/services using Nagios. I'm in the process of migrating to Zabbix on that host to perform the same purpose. Both Nagios and Zabbix monitor icmp ping latency (Nagios uses ping, Zabbix uses fping) and over time the latency to other hosts grows until threshold alarms are triggered. In one week, the average latency grows from sub-millisecond to over 100 milliseconds, and continues to grow until the Nagios host is rebooted. I have verified the latency numbers using ping/fping from the command line on the Nagios host.
The problem is that pings from the monitored hosts to the Nagios host show normal latency at the time the Nagios host is showing high latency from itself to the monitored hosts. The Nagios host and monitored hosts are all connected to the same Dell 24 port gigabit switch. I already posted this question on the Zabbix forums with a graph of the latency but there were no answers. [URL] why the icmp ping latency is growing over time and how I can fix it short of rebooting the host on a schedule.
[Code]...
View 5 Replies
View Related
Jun 21, 2010
Brief overview of my current setup:
Code:
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?
View 5 Replies
View Related
Apr 30, 2010
i've tried blocking ping requests with iptables.. and it didnt work Quote: iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
also tried editing sysctl.conf.. which worked perfectly but after i restarted the system i was able to ping my ubuntu machine from my lappy here is what i added to sysctl.conf and then executed it with sysctl -p
Quote: net.ipv4.icmp_echo_ignore_all = 1 here is another atempt to block.. this one worked too... but again after the restart i was able to ping my machine.. Quote: echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
View 8 Replies
View Related
Aug 5, 2010
In Lucid I have some ufw rules but I figured that I need to limit the ICMP messages that the box responds to and also limit their number. There are iptables rules to accomplish this but since I already have ufw rules it is safe to use iptables only for ICMP rules ?
View 4 Replies
View Related
Jul 20, 2010
I intend to re-install open suse 11.2, 32-bit. On a previous install,suse did not provide a grub entry for ubuntu.My current setup has
ubuntu/root on /dev/sda6
ubuntu/home on /dev/sda7
ubuntu/usr/local on /dev/sda8
[code]...
View 4 Replies
View Related
Nov 18, 2010
I've got several language multimedia CD-Rom's, made for Windows 95/98/98 SE and 2000, that I'm using by means of my daughter's old PC (Win 98 SE O.S.). However I noticed, also, that you can perfectly use them even with Windows Vista. What I'd like to know is if you can use them even with Suse/Novell and (why not?) OpenSuse Linux.
View 4 Replies
View Related
Jul 5, 2009
OK... I tried everything i could think of... but i still cannot get my Open SUSE 11.1 to mount my samba share at boot! I still don't understand the 11.1 boot sequence. can NE one help me... tell me what files to give you output from... Ty guys P.S. My shares originate from a Windows Server 2003 RC2 machine, and it's dns server doesn't work correctly... so my mount command is
mount -t //192.168.x.x/files/ /nET/ -o username=linux,password=xxxxxx
please let me know what other info you need... I don't have the internet, so it will be tommorow b4 i see this again!!! Thanks
View 2 Replies
View Related
Sep 8, 2010
When i am adding a user using "useradd -d /home/test test" or "useradd test", it is now creating the home directory, whereas when i am using the graphical mode and going through several menu options, i am getting the home directory.
View 1 Replies
View Related
Sep 16, 2010
how to install a D-Link Access Point on Suse 11.0 or steer me toward documentation that will do that? I configured the device on XP following instruction from this forum and the AP configured perfectly.The AP is plugged directly into the network port on the computer. It *should* function correctly without a router. I tried a restart and Suse has no idea it's there. The computer is currently configured for a wired connection which needs to be changed. The computer itself is going to be used as a small home storage server.
View 3 Replies
View Related
Nov 4, 2010
I have a disturbing problem with my monitor which goes to sleep (or ??) after few minutes if my comp is not used and most of the time I have to restart my comp.I disabled everything in Powersave , but nothing. I did have that problem in previous versions of SUSE, but somehow, I solved that. I cant remember what I did then.
View 4 Replies
View Related
Aug 23, 2010
I've pre-partitioned my HDD and want to install 11.2 on the second primary partition.However, when using the installer, I can't get Suse to install on the prepared 20gb partition - it keeps insisting it wants to install on the large unallocated section of the drive.
I find the partitioner somewhat hard to use and the answer may be staring me in the face but I can't see it.
View 2 Replies
View Related
Feb 1, 2010
I tried to use different version of Python, and followed the Readme like this
./configure
make
make test
[code]...
View 3 Replies
View Related
Oct 13, 2010
PackageKit Error repo-not-available: File '/repodata/repomd.xml' not found on medium 'http://download.opensuse.org/repositories/KDE:/KDE4:/Community/openSUSE_11.2/' My 11.2 won't update and gives this error. Anyone know how to fix it?
View 2 Replies
View Related
Jul 19, 2010
New Suse 11.3 installation with Gnome desktop. Added K3B using Yast2, and after completing the install of K3B, there is no icon for K3B! Instead there is an "X" and the text for K3B in it.From the main menu -> more applications -> multimedia, is where the K3B icon is.Yast2 is supposed to install any dependencies needed or warn if it can not find any missing dependencies. What is missing, or is it a permission problem? All the other application icons seem fine.
View 4 Replies
View Related
Feb 4, 2010
The software use to work well here, but now I got this when I try to run it
sparky: error while loading shared libraries: libtk8.4.so: cannot open shared object file: No such file or directory
But I can not find it.
I also tried
cd /usr/lib
ln -s libtk8.4.so libtk.so.0
ln -s libtcl8.4.so libtcl.so.0
but this does not work neither.
View 4 Replies
View Related
Mar 6, 2010
Is this how I would do that?
iptables -A INPUT -p tcp --destination-port 21 -d ! 168.192.1.2 -j DROP
This should block all incoming connections on port 21 from 192.168.1.2, correct? Thus preventing that IP from logging into my FTP.
View 1 Replies
View Related
Jun 1, 2011
i have set firewall for centos of 192.168.1.21 server like this.
it has a gateway of 192.168.1.2
iptables -P INPUT DROP
iptables -A INPUT --in-interface lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EB:91:00:01 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m mac --mac-source 00:0F:EB:91:00:01 -j ACCEPT
the mac source is my laptop's mac address. But when i try to ping from my laptop of 192.168.0.2 (my gateway is 192.168.0.1 but share the same server that has 3 network gateway including gateway for the centos)it failed. what i should do to enable this ping.i also cannot connect to the centos server unless i change my ip to 192.168.1.x and same gateway as centos.can someone suggest what should i modify my firewall to enable connection to centos server from my 192.168.0.2 laptop? is that related to nat and forward chain in firewall of centos?
View 2 Replies
View Related
Mar 17, 2009
What i wanted to do was block everything from getting in my pc but still be able to surf the web and still use instant messenger.
View 2 Replies
View Related
May 10, 2010
I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.
View 1 Replies
View Related
Dec 24, 2008
in my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like www.yahoo.com, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.
View 2 Replies
View Related
