> ATTACHMENT part 3.4 message/rfc822
> Date: Tue, 19 Aug 2003 03:09:21 -0700 (PDT)
> From: nishark <n1shark@...>
> Subject: Re: [IPCop-user] Re: IDS log entries for ICMP PING CyberKit 2.2
> To: James Taylor <james_n_taylor@...>, ipcop-user@...
> --- James Taylor <james_n_taylor@...> wrote:
> > Added to /etc/rc.d/rc.local the usual ICMP
> > echo-request drop rule (I already
> > have /sbin/iptables -F CUSTOMINPUT at top of file)
> > /sbin/iptables -A CUSTOMINPUT -i $RED_DEV -p icmp
> > --icmp-type echo-request -j
> > DROP
> > and # in front of the specific rule in
> > /etc/snort/icmp.rules file.
> > Regards
> > James
> i just added
> /sbin/iptables -A CUSTOMINPUT -i $RED_DEV -p icmp
> --icmp-type echo-request -j DROP
> to my rc.local and when i run './rc.local', i get a
> message saying -p icmp is not a valid protocol. A
> search in this list tells me that Chris Meller had
> this problem previously. But that thread does not
> offer a solution.
> what am i doing wrong?
Not too sure why not as mine works - and this is the standard rule for blocking
Pings.... Perhaps some details would help? What version IPCop? What does the
rc.local look like? Did you edit the file on a windows machine? What does
'iptables -L' give you? What about the exact error message? Do you have any
other rules in rc.local that work? Sounds to me like a syntax error as icmp is,
of course, a valid protocol.
My rc.local looks like this...
# Define Red IFace IP
RED_IF=`/bin/cat /var/ipcop/red/iface | /usr/bin/tr -d '\012'`
# Custom Input Chain
/sbin/iptables -F CUSTOMINPUT
# Block ICMP echo-request (Ping) on RED due to Nachi Worm
/sbin/iptables -A CUSTOMINPUT -i $RED_IF -p icmp --icmp-type echo-request -j
But '$RED_DEV' should work...
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software