Setting up a firewall: Block ping (ICMP)

66Gramms · October 9, 2020, 2:21pm

Hi all!

So I’ve started university a few weeks ago and already learned so much about networking. After a few lessons I realized that it’d be very simple to do a few “hacks” or more like abuses on a local network just by hand crafting packets with a spoofed IP / MAC address. After googling and asking my teacher about it, both confirmed this, so now I’m looking into a way to secure my notebook a bit more.

I’ve installed gufw on my machine, and the first thing I’d like to block is ping requests, as if they can’t find me on the network it’s much harder to attack my machine. I know that ping is not the only way to find a host on the network so I’d like to know what settings you recommend I set in the firewall?

Also how could I block ping requests? I can’t seem to find a way, as it’s not in the list of preconfigs, and the best I can do in the advanced tab is to give a port number to block, which won’t help much as ICMP packets don’t use a port as far as I know (due to being lower level protocol).

I’d also like my firewall to log suspicous activity.

Any help in setting up the firewall and a safer machine would be much appreciated!

chomsky · October 9, 2020, 2:23pm

To disable remote ping change ACCEPT to DROP in /etc/ufw/before.rules on the following lines:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

To activater logging type:

sudo ufw logging on

in the terminal

See the Arch wiki for more info: Uncomplicated Firewall - ArchWiki

66Gramms · October 8, 2020, 1:22pm

Thank you!

And what other measures shall I take to make it safer for my machine?

Fabby · October 9, 2020, 2:21pm

I’ve marked the below answer as the solution to your question as it is by far the best answer you’ll get.

However, if you disagree with my choice, please feel free to take any other answer as the solution to your question or even remove the solution altogether: You are in control! (I just want to avoid even more subjective opinions being posted and confusing you even more)

P.S. In the future, please please don’t forget to come back and click the 3 dots below the answer to mark a solution like this below the answer that helped you most :

so that the next person that has the exact same problem you just had will benefit from your post as well as your question will now be in the “solved” status.