Disable external ICMP (ping) on IPFire
Hit a little bit of a roadblock on this: on both IPCop and SmoothWall there's an option to turn off ICMP on RED (internet). No such luck on IPFire for some reason.
Anyways, long story short:
1) Login to the router
2) cd /etc/sysconfig
3) find the firewall.local file and open it in your preferred editor
4) Add the following in the start section (after the ## but before the ;;)
iptables -A CUSTOMINPUT -p icmp -i red0 --icmp-type 0 -j ACCEPT    # echo reply
iptables -A CUSTOMINPUT -p icmp -i red0 --icmp-type 3 -j ACCEPT    # destination unreachable
iptables -A CUSTOMINPUT -p icmp -i red0 --icmp-type 11 -j ACCEPT   # time exceeded
iptables -A CUSTOMINPUT -p icmp -i red0 --icmp-type 8 -m limit --limit 1/second -j DROP   # echo request (ping)
iptables -A CUSTOMINPUT -p icmp -i red0 -j DROP                    # all other ICMP on red0
5) Save it, reboot.
6) No more pinging on the red interface 🙂
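Added example, not part of the original post: a small shell function that walks the five rules from step 4 in order, the way iptables evaluates a chain (first matching rule wins), and reports what happens to a given ICMP type arriving on red0. The function name icmp_verdict and its over_limit argument are made up for this illustration; the rule text is copied from step 4, and the script only reads that text, it never calls iptables.

```shell
#!/bin/sh
# Constructed input: the five rules from step 4, as they would sit in firewall.local.
RULES='iptables -A CUSTOMINPUT -p icmp -i red0 --icmp-type 0 -j ACCEPT
iptables -A CUSTOMINPUT -p icmp -i red0 --icmp-type 3 -j ACCEPT
iptables -A CUSTOMINPUT -p icmp -i red0 --icmp-type 11 -j ACCEPT
iptables -A CUSTOMINPUT -p icmp -i red0 --icmp-type 8 -m limit --limit 1/second -j DROP
iptables -A CUSTOMINPUT -p icmp -i red0 -j DROP'

# icmp_verdict TYPE [over_limit]   (hypothetical helper, for illustration only)
# Prints the target of the first rule that matches an ICMP packet of the given
# numeric type on red0. With "over_limit" as second argument, rules that use
# -m limit are treated as no longer matching (their rate has been exceeded).
# Prints FALLTHROUGH if no rule matches and the packet leaves CUSTOMINPUT.
icmp_verdict() {
    want_type=$1
    over_limit=${2:-}
    while read -r line; do
        rule_type='' target='' limited=no prev=''
        for word in $line; do
            case $prev in
                --icmp-type) rule_type=$word ;;
                -j)          target=$word ;;
                -m)          [ "$word" = limit ] && limited=yes ;;
            esac
            prev=$word
        done
        # A rule without --icmp-type matches every ICMP type.
        [ -n "$rule_type" ] && [ "$rule_type" != "$want_type" ] && continue
        # A limit rule stops matching once its rate is used up.
        [ "$limited" = yes ] && [ "$over_limit" = over_limit ] && continue
        echo "$target"
        return 0
    done <<EOF
$RULES
EOF
    echo FALLTHROUGH
}

# Show the verdict for the types the rules name, plus one they do not (13).
for t in 0 3 11 8 13; do
    printf 'icmp type %-2s -> %s\n' "$t" "$(icmp_verdict "$t")"
done
printf 'icmp type 8  (over limit) -> %s\n' "$(icmp_verdict 8 over_limit)"
```

Echo requests end in DROP whether or not the limit rule still matches, because the final catch-all rule drops whatever the limit rule lets past.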
This method will cause an error when attempting to install any addons, as pakfire requires a ping to the servers when it installs. The method you listed above will in fact prevent ping responses, but it will also prevent the firewall from being able to ping anything outside either, thus causing pakfire to fail.
Hmm, interesting. I don’t have that problem on mine. It's possible that I forgot to add/subtract changes on the page that I made to my setup. I'll check it out later.