book

Mastering Linux Security and Hardening - Second Edition

by Donald A. Tevault

February 2020

Intermediate to advanced

666 pages

15h 45m

English

Packt Publishing

Read now

Unlock full access

Content preview from Mastering Linux Security and Hardening - Second Edition

Blocking ICMP

Let's take another look at the status of the default public zone:

[donnie@localhost ~]$ sudo firewall-cmd --info-zone=publicpublic (active)  target: default  icmp-block-inversion: no  interfaces: enp0s3  sources:   services: ssh dhcpv6-client  ports: 53/tcp 53/udp  protocols:   masquerade: no  forward-ports:   source-ports:   icmp-blocks:   rich rules: [donnie@localhost ~]$

Toward the bottom, we can see the icmp-block line, with nothing beside it. This means that our public zone allows all ICMP packets to come through. This isn't ideal, of course, because there are certain types of ICMP packets that we want to block. Before we block anything, let's look at all of the ICMP types that are available to us:

[donnie@localhost ~]$ sudo firewall-cmd ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Mastering Linux Security and Hardening - Third Edition

Donald A. Tevault

Linux Basics for Hackers

OccupyTheWeb .

Mastering Windows Security and Hardening - Second Edition

Mark Dunkerley, Matt Tumbarello

UNIX and Linux System Administration Handbook, 5th Edition

Trent R. Hein, Evi Nemeth, Garth Snyder, Ben Whaley, Dan Mackin

Publisher Resources

ISBN: 9781838981778Supplemental Content