Jatin K wrote:
Dear all,
I'm wondering whether there is any method to add a custom ICMP message to
iptables ... e.g. say I block Echo Request (ping) through
system-config-firewall, other systems on my network cannot ping my
system ... but on the system from where I try to ping .. it shows
a message like [1]
[1] From xxx.xxx.xxx.xxx icmp_seq=xxx Destination Host Prohibited
The problem is that anyone can determine that my system is alive and the ICMP
request is blocked.
Instead of this I want something like this [2]
[2] From xxx.xxx.xxx.xxx icmp_seq=xxx Destination Host Unreachable

Sure, you can add "--reject-with icmp-host-unreachable" to that rule.
Of course the ICMP packet you send will have a source IP address of
the machine that the packet claims is unreachable, and that just
screams, "This system is run by an incompetent doofus who is trying
to claim his machine doesn't exist."
You can also just use the DROP target instead of REJECT. That also
makes it apparent that there is a machine here that is trying hard
not to be seen, since if it really didn't exist the upstream router
would have responded with icmp-{host|network}-unreachable.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
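
Added example (not part of the original thread): a Python sketch of the point made in the reply, that an ICMP error whose source address is the very host it reports as unreachable shows the host is up, whichever --reject-with code is chosen. The packets are constructed samples using documentation addresses (192.0.2.0/24, 198.51.100.0/24), and the function names are hypothetical.

```python
import socket
import struct

# ICMP type 3 (Destination Unreachable) codes mentioned in the thread
CODES = {0: "net-unreachable", 1: "host-unreachable", 10: "host-prohibited"}

def ipv4_header(src, dst, payload_len):
    """Minimal 20-byte IPv4 header carrying ICMP (checksum left 0, not validated)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       1, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_unreachable(sender, pinger, target, code):
    """Constructed sample: type 3 error from `sender` about a ping pinger -> target."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)        # the original echo request
    quoted = ipv4_header(pinger, target, len(echo)) + echo
    icmp = struct.pack("!BBHI", 3, code, 0, 0) + quoted
    return ipv4_header(sender, pinger, len(icmp)) + icmp

def classify(packet):
    """Return (code_name, sender, target, verdict) for a Destination Unreachable."""
    ihl = (packet[0] & 0x0F) * 4                       # outer IP header length
    if len(packet) < ihl + 28 or packet[ihl] != 3:
        raise ValueError("not a complete Destination Unreachable message")
    sender = socket.inet_ntoa(packet[12:16])           # who sent the error
    code = packet[ihl + 1]
    quoted = packet[ihl + 8:]                          # original IP header, echoed back
    target = socket.inet_ntoa(quoted[16:20])           # address that was pinged
    if sender == target:
        verdict = "target answered for itself: host is up and filtering"
    else:
        verdict = "error came from another hop: consistent with an absent host"
    return CODES.get(code, f"code-{code}"), sender, target, verdict

if __name__ == "__main__":
    pinger, host, router = "198.51.100.7", "192.0.2.10", "192.0.2.1"
    for sender, code in ((host, 10), (host, 1), (router, 1)):
        print(classify(build_unreachable(sender, pinger, host, code)))
```

The first two samples correspond to the default REJECT and to "--reject-with icmp-host-unreachable"; both get the same verdict because only the code byte differs. The third is the upstream-router response the reply describes for a host that really does not exist.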