Konfigurasi Firewall UFW: Difference between revisions

← Older edit

VisualWikitext

@@ Line 66: / Line 66: @@
   sudo ufw delete deny 23/tcp
-==Source==
+== Block ping (ICMP) ==
+In order to deny any incoming ICMP ping requests we need to modify <code>/etc/ufw/before.rules</code> UFW’s configuration file. First, make a backup copy:
+<syntaxhighlight lang="bash">
+sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup
+</syntaxhighlight>
+Next, open the file with root privileges using your favorite text editor and change:
+FROM:
+<syntaxhighlight lang="bash">
+ # ok icmp codes for INPUT
+ -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
+ -A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
+ -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
+ -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
+ -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
+</syntaxhighlight>
+TO:
+<syntaxhighlight lang="bash">
+  # ok icmp codes for INPUT
+ -A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
+ -A ufw-before-input -p icmp --icmp-type source-quench -j DROP
+ -A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
+ -A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
+ -A ufw-before-input -p icmp --icmp-type echo-request -j DROP
+</syntaxhighlight>
+== Source ==
 *[https://www.linuxbabe.com/security/ufw-firewall-debian-ubuntu-linux-mint-server linuxbabe.com]
 *[https://www.cyberciti.biz/faq/how-to-delete-a-ufw-firewall-rule-on-ubuntu-debian-linux/ cyberciti.biz]
+*[https://linuxconfig.org/how-to-deny-icmp-ping-requests-on-ubuntu-18-04-bionic-beaver-linux linuxconfig.org]
 [[Category:Server]]
 [[Category:Security]]
+[[Category:Firewall]]