Ivan wrote:
>
> I have sme 5.1.2 with update. Acting as a public gateway. Is
> there any way to stop ping on externall interface only?
> Private gateway setting is to strict for me - it will disable
> pings (and traceroute) both ways.
What you could do is reorder the outgoing and incoming icmp rules in /etc/rc.d/init.d/masq (using templates etc. etc....)|
And the type you need to set to deny is echo-request, so
/sbin/ipchains --append icmpIn --proto icmp --icmp-type echo-request --jump
ACCEPT
could become
/sbin/ipchains --append icmpIn --proto icmp --icmp-type echo-request --jump DENY
again in template fragments etc. etc.
--
Damien