Re: denying ping

Mitch Oliver wrote:
If all you want to do is ignore ping requests, turn off the "echo"
service, either using redhat-config-services or ntsysv.

The ping command just sends out an echo request to the server.  Without
echo, the server cannot respond to ping requests.

On Mon, 08 Mar 2004 22:00:22 -0500
russell <simmonsr@xxxxxxxxxxx> wrote:


I'm trying to deny ping access on my new fedora box. I run:
# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
but this doesn't work.
Does anyone have any ideas how to deny icmp requests on fedora?

The 'echo' service has nothing to do with ICMP replies ("ping").

By default FC1 puts the following line in your /etc/sysconfig/iptables:
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

Simply remove that line and your system will stop replying to ICMP packets. It should (but I haven't tested this) still accept those packets it receives in reply to its own packets.

This is potentially dangerous to the proper operation of your network connection, however (ICMP is important for proper network functionality).

A slightly better solution would be to add the following line -before- the default ICMP line:
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -j DROP
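
Added example, not part of the original message: a shell sketch that inserts the echo-request rule ahead of the catch-all ICMP ACCEPT line in a copy of the rules file and checks the ordering, since iptables acts on the first matching rule. The function names and the sample rules excerpt are constructed for illustration, and the rule is written with the `-j` target flag that iptables requires.

```shell
#!/bin/sh
# Added example: works on copies of the rules file, never on the live file.
DROP_RULE='-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -j DROP'
ACCEPT_RE='^-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT$'

# Constructed excerpt in the style of /etc/sysconfig/iptables (not from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Print the rules in file $1 with DROP_RULE placed just before the catch-all
# ICMP ACCEPT line. Idempotent: a DROP_RULE that already precedes the ACCEPT
# is kept, and one that sits after it is moved up rather than duplicated.
insert_echo_drop() {
    awk -v drop="$DROP_RULE" -v acc="$ACCEPT_RE" '
        $0 == drop { if (seen) next; seen = 1 }
        $0 ~ acc && !seen { print drop; seen = 1 }
        { print }
    ' "$1"
}

# Succeed only if DROP_RULE appears before the catch-all ICMP ACCEPT line
# in file $1 (the first matching rule decides the packet's fate).
echo_drop_precedes_accept() {
    awk -v drop="$DROP_RULE" -v acc="$ACCEPT_RE" '
        $0 == drop { found = 1; exit }
        $0 ~ acc   { exit }
        END { exit !found }
    ' "$1"
}

# Demo on the constructed excerpt.
demo_dir=$(mktemp -d)
sample_rules > "$demo_dir/iptables.orig"
insert_echo_drop "$demo_dir/iptables.orig" > "$demo_dir/iptables.new"
diff "$demo_dir/iptables.orig" "$demo_dir/iptables.new" || true  # the one added line
if echo_drop_precedes_accept "$demo_dir/iptables.new"; then
    echo "echo-request DROP precedes the ICMP ACCEPT rule"
fi
rm -rf "$demo_dir"
```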




