[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

How to filter ICMP timestamp requests?



Hi there,

why isn't it enough to add the following to the beginning of 
I50external.rul:

    $IPCHAINS -A input -j DENY -i $i -p ICMP -d $IPOFIF/32 13

Here's the output of ipchains -L -v: (eth0: external IF, eth1: int. IF)

  Chain input (policy DENY: 27931 packets, 1507290 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize  
source                destination           ports
  562 61793 ACCEPT     all  ------ 0xFF 0x00  lo                             
anywhere              anywhere              n/a
  704 76005 ACCEPT     all  ------ 0xFF 0x00  eth1                           
internal-net/24  anywhere              n/a
    0     0 DENY       icmp ------ 0xFF 0x00  eth0                           
anywhere              firewall                 any ->   13


"Firewall" is the ext. IP address of our firewall.

CyberCop is STILL able to retrieve the timestamp via ICMP.

Any ideas?!

TIA,

Ralf


-- 
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^



Reply to: