how to disable ping in 10.3

English Network/Internet
#1

i know this must have been asked a thousand times…but, neither google
nor <http://forums.opensuse.org/search.php> finds the answer:

how do i disable ping replies in openSuSE 10.3??

(i found the spot in YaST to disable ping in 10.1, but can’t remember
how, now…)

tia

DenverD

#2

If you’re using SuSEfirewall2, take a look at /etc/sysconfig/SuSEfirewall2 and find:

Type: yesno

Default: yes

19.)

Allow the firewall to reply to icmp echo requests

defaults to “no” if not set

FW_ALLOW_PING_FW=“no”

And restart the service.

#3

Chrysantine wrote:
> If you’re using SuSEfirewall2, take a look at
> /etc/sysconfig/SuSEfirewall2 and find:
>
> ## Type: yesno
> ## Default: yes
> #
> # 19.)
> # Allow the firewall to reply to icmp echo requests
> #
> # defaults to “no” if not set
> #
> FW_ALLOW_PING_FW=“no”
>
> And restart the service.

i’m stumped as this does not stop the ping:

defaults to “no” if not set

FW_ALLOW_PING_FW=“no”

and, neither does this:

defaults to “no” if not set

#FW_ALLOW_PING_FW=“no”

what next?

DenverD

#4

The carbonbased lifeform DenverD inspired
opensuse.org.help.network-internet with:
> i know this must have been asked a thousand times…but, neither google
> nor <http://forums.opensuse.org/search.php> finds the answer:
>
> how do i disable ping replies in openSuSE 10.3??

echo “net.ipv4.icmp_echo_ignore_all = 1” >>/etc/sysctl
/sbin/sysctl -p /etc/sysctl.conf

Or, for one time only:
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all"

$su -c "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all "
Password:
[ferrets4me] theo:/home/theo
$ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.

— localhost ping statistics —
4 packets transmitted, 0 received, 100% packet loss, time 3010ms

[ferrets4me] theo:/home/theo
$su -c "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all "
Password:
[ferrets4me] theo:/home/theo
$ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.087 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.099 ms

Theo

theo at van-werkhoven.nl ICQ:277217131 SuSE Linux
linuxcounter.org: 99872 Jabber:muadib at jabber.xs4all.nl AMD XP3000+ 1024MB
“ik heb niets tegen Microsoft, ik heb iets tegen
de uitwassen van Microsoft”

#5

Theo v. Werkhoven wrote:
>> i know this must have been asked a thousand times…but, neither google
>> nor <http://forums.opensuse.org/search.php> finds the answer:
>>
>> how do i disable ping replies in openSuSE 10.3??
>
> echo “net.ipv4.icmp_echo_ignore_all = 1” >>/etc/sysctl
> /sbin/sysctl -p /etc/sysctl.conf
<snip>
> Theo

THANKS Theo…but, just in case, could you tell me how to, after using
that, the magic incantation to once again allow ping…

tia,
DenverD

#6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Either remove the line you added and re-run the sysctl command or use
the opposite of the command given previously:

echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all #run as ‘root’ of course

Good luck.

DenverD wrote:
| Theo v. Werkhoven wrote:
|>> i know this must have been asked a thousand times…but, neither
|>> google nor <http://forums.opensuse.org/search.php> finds the answer:
|>>
|>> how do i disable ping replies in openSuSE 10.3??
|>
|> echo “net.ipv4.icmp_echo_ignore_all = 1” >>/etc/sysctl
|> /sbin/sysctl -p /etc/sysctl.conf
| <snip>
|> Theo
|
| THANKS Theo…but, just in case, could you tell me how to, after using
| that, the magic incantation to once again allow ping…
|
| tia,
| DenverD
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIVKiX3s42bA80+9kRAhIFAJ4gimphPKFZXyX40yxQkgSatzSwXwCggNcZ
IHIn7Hd4P5cv0kQdXxKA67s=
=r0du
-----END PGP SIGNATURE-----

#7

hmmmm…no workie:

DenverD@Texan:~> su -
Password:
linux103-32:~ # echo “net.ipv4.icmp_echo_ignore_all = 1”
>>/etc/sysctl/sbin/sysctl -p /etc/sysctl.conf
-bash: /etc/sysctl/sbin/sysctl: No such file or directory

now what??

Denver
ps: for anyone who might know; why the HECK is it not possible in
YaST??? is this the OS giving, or taking away choice (all of a
sudden–i’m pretty sure i did it in v9.x, through less than v10.3)

ab@novell.com wrote:
> Either remove the line you added and re-run the sysctl command or use
> the opposite of the command given previously:
>
> echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all #run as ‘root’ of course
>
> Good luck.
>
>
>
>
>
> DenverD wrote:
> | Theo v. Werkhoven wrote:
> |>> i know this must have been asked a thousand times…but, neither
> |>> google nor <http://forums.opensuse.org/search.php> finds the answer:
> |>>
> |>> how do i disable ping replies in openSuSE 10.3??
> |>
> |> echo “net.ipv4.icmp_echo_ignore_all = 1” >>/etc/sysctl
> |> /sbin/sysctl -p /etc/sysctl.conf
> | <snip>
> |> Theo
> |
> | THANKS Theo…but, just in case, could you tell me how to, after using
> | that, the magic incantation to once again allow ping…
> |
> | tia,
> | DenverD

#8

The carbonbased lifeform DenverD inspired
opensuse.org.help.network-internet with:
> Theo v. Werkhoven wrote:
>>> i know this must have been asked a thousand times…but, neither google
>>> nor <http://forums.opensuse.org/search.php> finds the answer:
>>>
>>> how do i disable ping replies in openSuSE 10.3??
>>
>> echo “net.ipv4.icmp_echo_ignore_all = 1” >>/etc/sysctl
>> /sbin/sysctl -p /etc/sysctl.conf
><snip>
>> Theo
>
> THANKS Theo…but, just in case, could you tell me how to, after using
> that, the magic incantation to once again allow ping…

Try to read the whole reply next time.

<quote>
$su -c "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all "
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
</quote>

Theo

theo at van-werkhoven.nl ICQ:277217131 SuSE Linux
linuxcounter.org: 99872 Jabber:muadib at jabber.xs4all.nl AMD XP3000+ 1024MB
“ik heb niets tegen Microsoft, ik heb iets tegen
de uitwassen van Microsoft”

#9

The carbonbased lifeform DenverD inspired
opensuse.org.help.network-internet with:
> hmmmm…no workie:
>
> DenverD@Texan:~> su -
> Password:
> linux103-32:~ # echo “net.ipv4.icmp_echo_ignore_all = 1”
> >>/etc/sysctl/sbin/sysctl -p /etc/sysctl.conf
> -bash: /etc/sysctl/sbin/sysctl: No such file or directory

Where the fsck did you get that from?
There were two lines, one with:
echo “net.ipv4.icmp_echo_ignore_all = 1” >>/etc/sysctl
(my bad, should have been: ‘>>/etc/sysctl.conf’, see sysctl(8) )

And another with:
/sbin/sysctl -p /etc/sysctl.conf

Of course these must be given as two seperate commands, or seperated by
‘;’ or ‘&&’ at least.

Theo

theo at van-werkhoven.nl ICQ:277217131 SuSE Linux
linuxcounter.org: 99872 Jabber:muadib at jabber.xs4all.nl AMD XP3000+ 1024MB
“ik heb niets tegen Microsoft, ik heb iets tegen
de uitwassen van Microsoft”

#10

> Try to read the whole reply next time.
>
> <quote>
> $su -c "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all "
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> </quote>

thanks Theo, but i don’t actually need your smart-alec remark …see, i
don’t know enough about it to KNOW what you MEANT to type…i guess
you MEANT to say:

to turn ping back on, issue this one as root:

$su -c "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all "

but, you didn’t say that, and i can neither read your mind NOR fill in
the blank spaces you left…

so, thanks anyway

DenverD

#11

> Where the fsck did you get that from?

well, it LOOKED like (to me) one line that had wrapped…sorry

> There were two lines, one with:
> echo “net.ipv4.icmp_echo_ignore_all = 1” >>/etc/sysctl
> (my bad, should have been: ‘>>/etc/sysctl.conf’, see sysctl(8) )
>
> And another with:
> /sbin/sysctl -p /etc/sysctl.conf
>
> Of course these must be given as two seperate commands, or seperated by
> ‘;’ or ‘&&’ at least.

so, now i’ve given it as 2 commands…and STILL i’m answering the ping
from my command line, or at https://www.grc.com/

so??

DenverD

#12

iptables -I INPUT -p icmp --icmp-type echo-request -j DROP

After that, you most definitely won’t respond to pings :slight_smile:

#13

Did you restart your firewall afterwards?

sudo /etc/init.d/SuSEfirewall2_setup restart

and are you pinging a network interface added to the external zone?

#14

tkjacobsen wrote:
> DenverD;1818152 Wrote:
>> Chrysantine wrote:
>>> If you’re using SuSEfirewall2, take a look at
>>> /etc/sysconfig/SuSEfirewall2 and find:
>>>
>>> ## Type: yesno
>>> ## Default: yes
>>> #
>>> # 19.)
>>> # Allow the firewall to reply to icmp echo requests
>>> #
>>> # defaults to “no” if not set
>>> #
>>> FW_ALLOW_PING_FW=“no”
>>>
>>> And restart the service.
>> i’m stumped as this does not stop the ping:
>> …
>> …
>> # defaults to “no” if not set
>> #
>> FW_ALLOW_PING_FW=“no”
>>
>>
>> and, neither does this:
>> …
>> …
>> # defaults to “no” if not set
>> #
>> #FW_ALLOW_PING_FW=“no”
>>
>>
>> what next?
>>
>> DenverD
>
> Did you restart your firewall afterwards?
>
> sudo /etc/init.d/SuSEfirewall2_setup restart

yes, i shut down the whole machine and rebooted

DenverD

#15

Chrysantine wrote:
> iptables -I INPUT -p icmp --icmp-type echo-request -j DROP
>
> After that, you most definitely won’t respond to pings :slight_smile:

well, here is what i did: i copy and pasted that string into a root
prompt and hit enter…

then i shutdown and rebooted the system…

the good news (from https://www.grc.com/) is that all of the system’s
first 1056 ports are “stealthed” and the bad news is: i’m STILL
responding to pings…

WAIT! it was the wireless router responding…took a half hour to
figure out how to turn THAT off…

sorry for any of the frustration you might have shared!!

DenverD

#16

Ah by the way iptables is only effective during your session - when you reboot it’s gone.

#17

The carbonbased lifeform DenverD inspired
opensuse.org.help.network-internet with:
>> Try to read the whole reply next time.
>>
>> <quote>
>> $su -c "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all "
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> </quote>
>
> thanks Theo, but i don’t actually need your smart-alec remark …see, i

So, you’re ignorant in this matter, but you prefer to stay that way,
just to save face rather than take a hint and maybe become a bit wiser?

> don’t know enough about it to KNOW what you MEANT to type…i guess
> you MEANT to say:
>
> to turn ping back on, issue this one as root:
>
> $su -c "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all "

No, because that does not turn ICMP replies back on.

> but, you didn’t say that, and i can neither read your mind NOR fill in
> the blank spaces you left…

The fact that you don’t know enough about the matter is understandable,
but my directions to re-enable the ICMP reply was plain and simple IMO,
and came with an example.
I wrote these lines:

[ferrets4me] theo:/home/theo
$su -c "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all "
Password:
[ferrets4me] theo:/home/theo
$ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.087 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.099 ms

I wouldn’t know how to make it easier to understand.

> so, thanks anyway

I’m not sure you mean this, so it’s not ‘you’re welcome’ this time.

Theo

theo at van-werkhoven.nl ICQ:277217131 SuSE Linux
linuxcounter.org: 99872 Jabber:muadib at jabber.xs4all.nl AMD XP3000+ 1024MB
“ik heb niets tegen Microsoft, ik heb iets tegen
de uitwassen van Microsoft”

#18

Are you sure you’re not related to De Raadt, Theo? :wink:

#19

Chrysantine wrote:
> Ah by the way iptables is only effective during your session - when you
> reboot it’s gone.

ah…another bit of missing knowledge…thanks…

DenverD

#20

The carbonbased lifeform Chrysantine inspired
opensuse.org.help.network-internet with:
>
> Are you sure you’re not related to De Raadt, Theo? :wink:

I can relate /to/ him.
Does that count?

Theo

theo at van-werkhoven.nl ICQ:277217131 SuSE Linux
linuxcounter.org: 99872 Jabber:muadib at jabber.xs4all.nl AMD XP3000+ 1024MB
“ik heb niets tegen Microsoft, ik heb iets tegen
de uitwassen van Microsoft”