Re: [IPCop-user] Re: IDS log entries for ICMP PING CyberKit 2.2 from...

[paul v. a. <pa...@no...>]

see also http://www.linuxguruz.org/iptables/scripts/rc.firewall_008.txt
at http://www.linuxguruz.com/iptables/

the .txt file references:
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
drop your -i $RED_DEV

I'll also try this tomorrow when I'm awake.  :)
paul


nishark wrote:
> --- James Taylor <jam...@ya...> wrote:
> 
>>Added to /etc/rc.d/rc.local the usual ICMP
>>echo-request drop rule (I already
>>have /sbin/iptables -F CUSTOMINPUT at top of file)
>>
>>/sbin/iptables -A CUSTOMINPUT -i $RED_DEV -p icmp
>>--icmp-type echo-request -j
>>DROP
>>
>>and # in front of the specific rule in
>>/etc/snort/icmp.rules file.
>>
>>Regards
>>James
> 
> 
> i just added 
> /sbin/iptables -A CUSTOMINPUT -i $RED_DEV -p icmp
> --icmp-type echo-request -j DROP
> to my rc.local and when i run './rc.local', i get a
> message saying -p icmp is not a valid protocol. A
> search in this list tells me that Chris Meller had
> this problem previously. But that thread does not
> offer a solution.
> 
> what am i doing wrong?
> what is the best way to block/drop these annoying icmp packets?
>