Konfigurasi Firewall UFW: Difference between revisions
| Line 65: | Line 65: | ||
sudo ufw delete deny 23/tcp | sudo ufw delete deny 23/tcp | ||
== Block ping (ICMP) == | |||
In order to deny any incoming ICMP ping requests we need to modify <code>/etc/ufw/before.rules</code> UFW’s configuration file. First, make a backup copy: | |||
$ sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup | |||
Next, open the file with root privileges using your favorite text editor and change: | |||
FROM: | |||
# ok icmp codes for INPUT | |||
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT | |||
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT | |||
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT | |||
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT | |||
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT | |||
TO: | |||
# ok icmp codes for INPUT | |||
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP | |||
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP | |||
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP | |||
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP | |||
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP | |||
== Source == | |||
==Source== | ==Source== | ||
*[https://www.linuxbabe.com/security/ufw-firewall-debian-ubuntu-linux-mint-server linuxbabe.com] | *[https://www.linuxbabe.com/security/ufw-firewall-debian-ubuntu-linux-mint-server linuxbabe.com] | ||
*[https://www.cyberciti.biz/faq/how-to-delete-a-ufw-firewall-rule-on-ubuntu-debian-linux/ cyberciti.biz] | *[https://www.cyberciti.biz/faq/how-to-delete-a-ufw-firewall-rule-on-ubuntu-debian-linux/ cyberciti.biz] | ||
*[https://linuxconfig.org/how-to-deny-icmp-ping-requests-on-ubuntu-18-04-bionic-beaver-linux linuxconfig.org] | |||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Firewall]] | [[Category:Firewall]] | ||