
Block ping via firewall-cmd

Posted: 2020/06/26 11:47:40
by hack3rcon
Hello,
I'm using below command:

# firewall-cmd --zone=public --query-icmp-block=echo-reply
And the output is:

no
And ping is working!!!
How can I block ping?

Thank you.

Re: Block ping via firewall-cmd

Posted: 2020/06/26 18:42:45
by jlehtone
How did you know to do --query-icmp-block=echo-reply, and what does the "no" tell you?

https://access.redhat.com/documentation ... p_requests

Re: Block ping via firewall-cmd

Posted: 2020/07/01 09:08:01
by hack3rcon
I did:

$ sudo firewall-cmd --zone=public --query-icmp-block=echo-reply
no

Re: Block ping via firewall-cmd

Posted: 2020/07/01 13:47:43
by jlehtone
It was already clear that you asked the configuration:
"Is zone public set to block echo replies?"

I asked "How did you know to use that command?"
I asked that to find out what you know.
Configuring a firewall is something that requires that one knows and understands, rather than copy-pastes.

I asked what the "no" means. What does it mean that zone public is not set to block echo replies?
You seemed surprised that ping works even though you had done nothing to block it.

Let's presume that you would block echo replies. How would that affect ping?
Some machine sends an echo request to your machine. That is not blocked. Your machine sends an echo reply.
The block rule is probably in INPUT, not OUTPUT, and therefore that reply would not be blocked.

Your machine sends an echo request somewhere. The other machine sends an echo reply.
Does the reply get accepted by the "allow existing connections" rule, or will it be blocked by the "block reply" rule?
I have not looked into how firewalld implements the block, so I don't know the answer atm.
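Added example, not from anyone in this thread: a small POSIX shell script that does what the original question asks for. When another host pings you, the packet that arrives at your machine is an ICMP echo-request, so that is the type to block in the zone; querying or blocking echo-reply says nothing about inbound pings, which is why the "no" above was consistent with ping still working. The script assumes firewall-cmd is installed and run as root; the zone name "public" is taken from the thread and can be overridden with the ZONE variable. The helper functions that pick the ICMP type and interpret the yes/no query output are pure shell, so the file can be sourced without firewalld present.

```shell
#!/bin/sh
# Added example (not from the thread): block inbound ping in a firewalld zone.
# firewalld's ICMP block filters traffic arriving at the host, so to stop
# others from pinging this machine the type to block is echo-request.
# Assumptions: firewall-cmd is installed and this runs as root; the zone
# name defaults to "public" as in the thread.

ZONE="${ZONE:-public}"

# ICMP type carried by an inbound ping. Pure function, no firewalld needed.
inbound_ping_icmp_type() {
    echo "echo-request"
}

# Turn firewall-cmd's --query-icmp-block answer ("yes"/"no") into a sentence.
# $1 = zone, $2 = ICMP type, $3 = query output.
describe_query() {
    case "$3" in
        yes) echo "zone $1 blocks ICMP $2" ;;
        no)  echo "zone $1 does not block ICMP $2; nothing has been configured for it" ;;
        *)   echo "unexpected query output: '$3'"; return 1 ;;
    esac
}

# Query the current state, add a permanent block for inbound ping, reload so
# the runtime configuration picks it up, then query again. Requires firewalld.
block_inbound_ping() {
    type=$(inbound_ping_icmp_type)
    # --query-icmp-block prints yes/no and exits 0/1; keep going on "no".
    before=$(firewall-cmd --zone="$ZONE" --query-icmp-block="$type" || true)
    describe_query "$ZONE" "$type" "$before"
    firewall-cmd --permanent --zone="$ZONE" --add-icmp-block="$type"
    firewall-cmd --reload
    after=$(firewall-cmd --zone="$ZONE" --query-icmp-block="$type" || true)
    describe_query "$ZONE" "$type" "$after"
}

# Only touch the firewall when firewall-cmd exists and we are root; otherwise
# the functions above are merely defined (useful when sourcing this file).
if command -v firewall-cmd >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    block_inbound_ping
else
    echo "firewall-cmd not found or not running as root; functions defined only" >&2
fi
```

Without --permanent the block would only live in the runtime configuration and vanish at the next firewalld restart; with --permanent alone it would not take effect until --reload. Running the same query for echo-reply before and after will still print "no", which is exactly the situation the first post described.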