Konfigurasi Firewall UFW: Difference between revisions
| Line 68: | Line 68: | ||
== Block ping (ICMP) == | == Block ping (ICMP) == | ||
In order to deny any incoming ICMP ping requests we need to modify <code>/etc/ufw/before.rules</code> UFW’s configuration file. First, make a backup copy: | In order to deny any incoming ICMP ping requests we need to modify <code>/etc/ufw/before.rules</code> UFW’s configuration file. First, make a backup copy: | ||
<syntaxhighlight lang="bash"> | |||
sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup | |||
</syntaxhighlight> | |||
Next, open the file with root privileges using your favorite text editor and change: | Next, open the file with root privileges using your favorite text editor and change: | ||
FROM: | FROM: | ||
<syntaxhighlight lang="bash"> | |||
# ok icmp codes for INPUT | # ok icmp codes for INPUT | ||
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT | -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT | ||
| Line 78: | Line 84: | ||
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT | -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT | ||
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT | -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT | ||
</syntaxhighlight> | |||
TO: | TO: | ||
<syntaxhighlight lang="bash"> | |||
# ok icmp codes for INPUT | # ok icmp codes for INPUT | ||
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP | -A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP | ||
| Line 85: | Line 94: | ||
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP | -A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP | ||
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP | -A ufw-before-input -p icmp --icmp-type echo-request -j DROP | ||
</syntaxhighlight> | |||
== Source == | == Source == | ||