Command for ignoring PING

Bug #544976 reported by costales on 2010-03-23
This bug report is a duplicate of:  Bug #946322: Add IGMP protocols to cli tool. Edit Remove
This bug affects 2 people
Affects Status Importance Assigned to Milestone

Bug Description

Hi! It would be nice if ufw could be set up to ignore PINGs requests. That would make the computer completely invisible from the outside.
Now we must comment the line:
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
in the file /etc/ufw/before.rules

Could be possible that ufw set up ignore PINGs and show it in the status?
Best regards and thanks.

Changed in ufw:
importance: Undecided → Wishlist
status: New → Triaged
GreyGeek (greygeek77) wrote :

I second Costales' suggestion.

On Kubuntu 10.4 fully updated:
sudo sysctl -p
appears to work and
cat /proc/sys/net/ipv4/icmp_echo_ignore_all
shows 1
sudo iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -j DROP
appears to work as well, but NONE of the above methods stop my notebook from responding to pings.

GreyGeek (greygeek77) wrote :

A side note: one must be careful to eliminate the possibility that if, when connected to the Internet by a wireless router, it is that router which is echoing the ping, not the user's PC.

Anders Jackson (anders-jackson) wrote :

Don't actually see any real use of this. As this was basicly buggy network implementations on big servers from around 1990-2000 that caused this to be needed. A limit, yes. But not blocking.

turbolad (turbolad995) wrote :

Anyone connecting to the internet via a router or wireless router must configure the device to ignore (not respond to) ping, ICMP or whatever the device calls this setting.

From my understanding, having the firewall in Ubuntu AND a firewall in the router/wireless router offers the best security. You cannot install more than one firewall on the computer itself in the same operating system - it is not a good idea to even try that!

If you don't have a router/wireless router then the firewall in Ubuntu MUST be properly configured to make your computer invisible on the internet and stop hackers from being able to get in. I don't know the technical stuff beyond what I've typed in this message.

Jamie Strandboge (jdstrand) wrote :

While this bug came first bug #946322 is more complete and covers this bug. Marking as duplicate.

Changed in ufw:
status: Triaged → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers