Topic: block icmp

[Mr. Stewart]

I am having lots of trouble with the nachi virus cuasing our network to lose internet becuase the pinging that it causes keeps overwhelming the sme server.  I need to know how to stop icmp pings from going through the sme server/gateway.  It is version 5.6  I know there is all kinds of discussion on the phorums about this topic but i can not find a clear explanation of what to do.


Please help.

[Gregory Baird]

Hello

Take a look at coyote linux I got tired of the same thing and put coyote in place and that ended the pinging problems
you will however have to port-forward to your sme box

coyote will replace your gateway and it has a web admin

it runs on port 8180

http://www.coyotelinux.com/

you just need a simple box with a floppy no hard drive or cdrom

they say 486 and 16 megs of ram

ps don't use auto port-forward use manual setup

[alejandro]

Another solution  could be
using acid+snort module in your sme server
Ther is a very complete howto (search the forums for the right url)
I've used it for a while with no complains at all
Offending ips get automatically rejected for a 24 hour period.
ALe

[Nathan Fowler]

Guys, the easiest solution is adding an ipchain rule, or modifying the accempt-icmp template.

/sbin/ipchains -A input -p icmp --icmp-type echo-request -d $OUTERIP -j DENY -i eth0

I'm assuming that eth0 is your external interface.

[Mike]

How does one go about modifying the accempt-icmp template please so that I can insert this ICMP block. My external interface is eth1 so I assume the only change to make is eth0 to eth1 in that string.