Russell, It's a bad idea to deny all icmp, it breaks things like mtu discovery. There are many different types of icmp, and although denying most is OK, some you should let in. Off the top of my head I don't recall the type numbers of the ones you want to drop, and the ones you want to keep You're probably better off searching for the right ways to deny pings using ipchains or whatever firewall linux is uing nowadays. Then deny only specific types. Search engine is your friend in this regard since it's generally a very well solved problem. Unless you know what you're doing with denying pings, in which case ignore what I just said :) Cheers, Al On Mon, 8 Mar 2004, russell wrote: >Date: Mon, 08 Mar 2004 22:00:22 -0500 >From: russell <simmonsr@xxxxxxxxxxx> >Reply-To: fedora-list@xxxxxxxxxx >To: fedora-list@xxxxxxxxxx >Subject: denying ping > >I'm trying to deny ping access on my new fedora box. I run: # echo 1 > > /proc/sys/net/ipv4/icmp_echo_ignore_all, but this doen't work. Does >anyone have any ideas how to deny icmp requests on fedora? > >tia > >russell > > >
