Continuing the discussion from Disable the ping response on the red interface?:
@cfusco I saw that Michael @ms had removed the Ping Wiki page. Would you be so kind as to re-create it with just the “not recommended” information? This would include removing the how-to for the firewall.local and the echo "net.ipv4.icmp_echo_ignore_all = 1" command.
I believe the “not recommended” information is a keeper!
Unfortunately I do not remember how it was written in the final form. Can you recover a copy of the last revision and pm the text to me? If yes, I will remove the “how to part” and leave only the explanation of why this is a bad idea.
I do not think that we should have pages like this on our wiki:
- It says it in the title: “not recommended”. Why would we “not recommend” something like that? This is usually because there are so many caveats about what is being described that it is potentially causing problems and might even be dangerous for users who implement this.
- I do not like the idea of sending users to the console. There are too many things that can go wrong. We are building a distribution that is configured over the web. So why do we tell people to run things on the console?
The way to go should rather be that we either extend IPFire and add this feature, or we don’t. It is okay if there are things that we don’t support.
It is in the Recent Changes at the bottom of each Wiki page.
And then you look for something “ping” related and click on the two stacked arrows (right end of line).
This topic keeps recurring in the forum. How should we answer then? The intention was to quickly link to a wiki page and never speak of this again.
Same as before. Point them to this new “not recommended” wiki page.
Let’s write a page with the real answer then: Don’t disable ICMP responses. There is no reason to do that.
All right @ms. I will do that and try to give some explanation why this should not be done. I will post the text in this thread before recreating a new page and tag you and @jon.
We should generally talk about these things first and then execute. That is why this section on here exists.
It is not fun either for me to delete something that people have worked hard on.
It was talked about in the middle of another thread.
As @jon pointed out, we always consult the community forum before making significant changes to the wiki. At least, I always do this. Going forward if you authorize me, I could tag you when I write an important change on the wiki so you will be notified.
Regarding page deletions, please don’t worry. I view it as valuable feedback and a learning opportunity.
Good luck with your work.
I don’t think we should blow this all out of proportion. You know what my intentions are here.
That someone wanted this documented, but not exactly what. The iptables rules in the post would simply break people’s installations and nobody would want that.
If people feel that there should be the option to turn off that the firewall replies to ICMP echo requests, then please submit that as a feature request and work on a patch. If we want people to go to the console and configure their own systems, then we could simply remove the web UI and recommend using Debian.