http://tech-recipes.disqus.com/Cookbook of Tech TutorialsenThu, 16 Dec 2004 20:55:21 -0000http://www.tech-recipes.com/rx/40/disable-icmp-echo-ping-responses-in-linux/#comment-2766807thanks for the tip! complete newbie to Linux but managed to get 100% stealth enabled in the firewall....<br>using your tips page.. only had to disable ping to achieve it! thanx again! :PGuestThu, 16 Dec 2004 20:55:21 -0000http://www.tech-recipes.com/rx/40/disable-icmp-echo-ping-responses-in-linux/#comment-2766806Just have your monitoring service try to connect to an open port (FTP, POP3, SMTP, WEB, SSH, Etc.) instead of going through the trouble of installed firewall software and configuring it. I use <a href="http://hyperspin.com" rel="nofollow">hyperspin.com</a> and they can try to connect to a specific port instead or in addition to a classic ping.AnonymousFri, 24 Sep 2004 15:23:15 -0000http://www.tech-recipes.com/rx/40/disable-icmp-echo-ping-responses-in-linux/#comment-2766805But that would stop pings altogether. If you have a monitoring service, this would hurt you. You would never know if your server went down.<br><br>I would suggest installing APF fire wall, then do this:<br>pico -w /etc/apf/conf.apf<br><br>Change this:<br>IG_ICMP_TYPES="3,5,11,0,30,8"<br><br>To this:<br>IG_ICMP_TYPES="3,5,11,0,30"<br><br>So, if you have a monitoring service, add the monitor's IP to the alallow_hosts.rules file.<br><br>THEN:<br>service apf restart<br><br><br>That would block pings from all outside sources except the IP's you explicitly allow.AnonymousWed, 04 Aug 2004 19:01:21 -0000