Gufw

gufw hide ip

Asked by Moti

Hello
How can I hide my IP?
I mean like dropping package and avoiding response for ping?
I can't see this option in gufw, I guess it was it the previous version.
Thanks

Question information

Language:
English Edit question
Status:
Solved
For:
Gufw Edit question
Assignee:
No assignee Edit question
Solved by:
Moti
Solved:
Last query:
Last reply:
Revision history for this message
Soul-Sing (soulzing) said : 		#1

indeed in the first package is was possible to avoid ping-reponse.
this possibility is dropped....

Revision history for this message
Vadim Peretokin (vperetokin) said : 		#2

It had to be removed because of the Ubuntu Policy rules and ufw doing this
wrongly.

Until 'ufw' fixes it, it unfortunately won't be possible to add this back as
it would violate the policy then.

Revision history for this message
Moti (mm2sa) said : 		#3

Is it possible to add this rule manually?

Revision history for this message
Soul-Sing (soulzing) said : 		#4

no, firestarter can do this for you.

Revision history for this message
Moti (mm2sa) said : 		#5

Thank you

Revision history for this message
costales (costales) said : 		#6

Hi! For hide ip manually:
$ sudo nano /etc/ufw/before.rules
Replace:
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
by:
#-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
Save file and exit.

Restart ufw with:
sudo /etc/init.d/ufw restart
Best regards.

Revision history for this message
Soul-Sing (soulzing) said : 		#7

that option isn´t in the graf. interface of gufw.

Revision history for this message
Vadim Peretokin (vperetokin) said : 		#8

Yes, because as explained before, this would violate the ubuntu policy for
packages.

Revision history for this message
Soul-Sing (soulzing) said : 		#9

: Enable PING

(Note: Security by obscurity may be of very little actual benefit with modern cracker scripts. By default, UFW blocks ping requests. You may find you wish to enable ping to diagnose networking problems.)

You need to edit /etc/ufw/before.rules and remove the commment on this line (remove the # in the front)

-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
----------------------------------------------------------------------------------------------------------------------------------------------------------------
marcos this: Hi! For hide ip manually:
$ sudo nano /etc/ufw/before.rules
Replace:
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
by:
#-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

seems incorrect to me.....
 By default, UFW blocks ping requests

Revision history for this message
Soul-Sing (soulzing) said : 		#10

to block ip:

You need to edit /etc/ufw/before.rules and add a section "Block IP" after "Drop INVALID packets" :

-A ufw-before-input -s 111.222.3.44 -j DROP #Assuming no loging is desired of course)
# drop INVALID packets
# uncomment to log INVALID packets
#-A ufw-before-input -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW B$
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

# Block IP
# This it is efective :)
-A ufw-before-input -s 111.222.3.44 -j DROP