topic title: Disable Ping in ufw
Posts: 117
buttcoffee
Joined: 20 Aug 2010
#1
I believe ufw is pre-installed in antix. If you go to that shieldsup site
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"https://www.grc.com"
linktext was:"https://www.grc.com"
====================================
the default config of ufw won't pass the ping test with stealth. So, if you want to disable ping, just do this.

sux
nano /etc/ufw/before.rules

Look for these lines

Code: Select all

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
and change them to this

Code: Select all

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
Then type in:

ufw disable
ufw enable

Now, if you go back to
========= SCRAPER REMOVED AN EMBEDDED LINK HERE ===========
url was:"https://www.grc.com"
linktext was:"https://www.grc.com"
====================================
, you'll pass the test with stealth. Dropping ping request doesn't make you safer or anything.