The icmp type is specified from the origins port number. So to block icmp timestamp requests from your internal network you should use:
ipchains -p icmp -s $INTIP/0 13 -i $INTIF -j DENY And to block icmp timestamp reply you should use: ipchains -p icmp -s 0.0.0.0/0 14 -i $EXTIF -j DENY Hope that helped. With best regards Johan. On 6 Dec 99, at 14:17, Ralf G. R. Bergs wrote: >snippet< > Hi there.... > why isn't it enough to add the following to the beginning of > I50external.rul: > $IPCHAINS -A input -j DENY -i $i -p ICMP -d $IPOFIF/32 13 >..... > CyberCop is STILL able to retrieve the timestamp via ICMP. > Any ideas?! > TIA, Ralf >/snippet< ********************************************************** Johan Hagstr�m Data Ingenj�r / KTH Direkt: 0498 - 202732 [EMAIL PROTECTED] V�xel: 0498 - 202700 Fax: 0498 - 214640 Intron Service AB http://www.gotlandica.com "Security is not a solution. It is a way of life." **********************************************************
