System Administration
Enable Persistent Ping
To persistently enable ICMP echo requests:
Command line
1 Log in to the Sentriant AG server as root using SSH or directly with a keyboard.
2 Open the rc.local file with a text editor such as
/etc/rc.d/rc.local
3 In the # Ignore All ICMP requests area, change the following line:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
To:
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
4 Save and exit the file.
5 At the command line, enter the following:
/etc/rc.d/rc.local
Restricting the ICMP Request
If you wish to restrict the ping request to a specific interface, such as the interface facing the protected
network, then after following the procedures above, follow the instructions in this section to add rules
to the firewall chain so that ping requests are only viable through the interface specified.
To restrict ping entries to a specific interface:
Command line
1 At the MS command line, enter the following iptables entries in this order:
iptables -A RH-Lokkit-0-50-INPUT -p icmp --icmp-type echo-request -i ethx -j
ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p icmp --icmp-type echo-request -j DROP
Where:
is the interface that you wish to be "pingable". For example, eth0.
ethx
2 In order for these changes to persist through reboots, enter the following command at the command
line:
402
For example:
vi.
Sentriant AG Software Users Guide, Version 5.2