Re: custom ICMP message in iptables

Jatin K wrote:
Dear all,


I'm wondering, is there any method to add a custom ICMP message to iptables ... e.g. say I block Echo Request (ping) through system-config-firewall, other systems on my network cannot ping my system ... but on the system from where I try to ping .. it shows a message like [1]

[1] From xxx.xxx.xxx.xxx icmp_seq=xxx Destination Host Prohibited

The problem is that anyone can determine that my system is alive and the ICMP request is blocked


Instead of this I want something like this [2]

[2] From xxx.xxx.xxx.xxx icmp_seq=xxx Destination Host *Unreachable*

Sure, you can add "--reject-with icmp-host-unreachable" to that rule.
Of course the ICMP packet you send will have a source IP address of
the machine that the packet claims is unreachable, and that just
screams, "This system is run by an incompetent doofus who is trying
to claim his machine doesn't exist."

You can also just use the DROP target instead of REJECT.  That also
makes it apparent that there is a machine here that is trying hard
not to be seen, since if it really didn't exist the upstream router
would have responded with icmp-{host|network}-unreachable.

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
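
An added example, not part of the original message: a small Python check that parses ping error lines in the format quoted above and reports what each of the three outcomes (REJECT, DROP, a genuinely absent host) discloses to the sender. The addresses are constructed documentation values from 192.0.2.0/24, and the names `classify` and `ERR_LINE` are hypothetical.

```python
import re

# ICMP error lines as ping prints them, e.g.
#   From 192.0.2.10 icmp_seq=1 Destination Host Prohibited
ERR_LINE = re.compile(r"^From (\S+) icmp_seq=(\d+) (Destination .+?)\s*$")


def classify(target, ping_lines):
    """Return (verdict, detail) for what ping output reveals about `target`.

    verdict is one of:
      "self-reported"   - the ICMP error came from the target's own address,
                          so the host is up and a filter answered for it
      "router-reported" - some other hop sent the error, which is what a
                          really absent host looks like
      "silent"          - no ICMP error at all (DROP); an absent host would
                          normally have drawn an unreachable from upstream
    """
    errors = []
    for line in ping_lines:
        m = ERR_LINE.match(line.strip())
        if m:
            errors.append((m.group(1), m.group(3)))
    if not errors:
        return ("silent", "no ICMP error received")
    for source, message in errors:
        if source == target:
            return ("self-reported", message)
    return ("router-reported", errors[0][1])


if __name__ == "__main__":
    target = "192.0.2.10"  # constructed address of the filtered machine
    samples = {  # constructed ping output, one case per firewall choice
        "REJECT (default)": ["From 192.0.2.10 icmp_seq=1 Destination Host Prohibited"],
        "REJECT --reject-with icmp-host-unreachable":
            ["From 192.0.2.10 icmp_seq=1 Destination Host Unreachable"],
        "DROP": ["PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data."],
        "host really absent": ["From 192.0.2.1 icmp_seq=1 Destination Host Unreachable"],
    }
    for rule, lines in samples.items():
        print(f"{rule:45s} -> {classify(target, lines)}")
```

Both REJECT variants come back as "self-reported" because the error's source address is the machine itself, whatever the message text says.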
