Hi Guys I cant seem to find how to disable ping on interfaces with shorewall 1.4.5-1. before it was simple you specified the noping option in interfaces but that option is no longer there.
On 29 Jun 2003 13:49:38 -0400, Nick Sklavenitis <sklav@istop.com> wrote:> I cant seem to find how to disable ping on interfaces with shorewall > 1.4.5-1. before it was simple you specified the noping option in > interfaces but that option is no longer there.When upgrading, it''s always a good idea to to check http://www.shorewall.net/upgrade_issues.htm -- There you would have found that with Shorewall 1.4.0 and later, ping is handled the same as any other connection request. You may wish to refer to http://www.shorewall.net/ping.html -- there is a link to that page from the Documentation Index under the topic "Ping Management". -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Ok my next question is the following How does one go about blocking traceroute replies? According to nessus traceroute is a security issue even thought label "low" Mind you it also detects non random IP id''s but i have grsecurity kernel on Medium config which randomizes Ip id''s som in not sure how accurate nessus is.
On Mon, 2003-06-30 at 02:26, Nick Sklavenitis wrote:> Ok my next question is the following > > How does one go about blocking traceroute replies? According to nessus > traceroute is a security issue even thought label "low" Mind you it also > detects non random IP id''s but i have grsecurity kernel on Medium config > which randomizes Ip id''s som in not sure how accurate nessus is.>From your post, I have no idea what problem you are trying to solve.-Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net