How To
Summary
How to disable ICMP timestamp responses from the IBM i:
if there is a firewall in the network, create rules in the firewall.
if there is no firewall in the network, you will need to create filter rules on the IBM i.
Steps
Reference information:
Networking IP filtering and network address translation:
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzajb/rzajbpdf.pdf
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzajb/rzajbpdf.pdf
There is an automatic deny for anything that is not listed, so you will need to allow everything else except the ICMP timestamps.
You will need to have 5250 console session available so that if you get locked out,
you can run:
RMVTCPTBL TBL(*ALLRULE)
Interface is through:
Navigator for i
Network
IP Policies
Packet Rules
Network
IP Policies
Packet Rules
============================================================
Caution: The following filter example is provided on an unsupported, AS IS basis.
============================================================
You will need to change the FILTER_INTERFACE statement to specify your correct line description.
==================================================
ICMP_SERVICE ICMP_timestamp_13 TYPE = 13 CODE = *
ICMP_SERVICE ICMP_timestamp_14 TYPE = 14 CODE = *
SERVICE AllControl PROTOCOL = * DSTPORT = * SRCPORT = *
FILTER SET ICMP_time ACTION = DENY DIRECTION = INBOUND SRCADDR = * DSTADDR = * SERVICE = ICMP_timestamp_13 JRN = OFF
FILTER SET ICMP_time ACTION = DENY DIRECTION = OUTBOUND SRCADDR = * DSTADDR = * SERVICE = ICMP_timestamp_14 JRN = OFF
FILTER SET AllowAll ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = * SERVICE = AllControl JRN = OFF
FILTER SET AllowAll ACTION = PERMIT DIRECTION = OUTBOUND SRCADDR = * DSTADDR = * SERVICE = AllControl JRN = OFF
FILTER_INTERFACE LINE = yourlinedescription SET = ICMP_time, AllowAll
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CLlAAM","label":"Communications-\u003ESecurity Filter Rules IDS"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
More support for:
IBM i
Component:
Communications->Security Filter Rules IDS
Software version:
All Versions
Document number:
7148316
Modified date:
07 May 2024
UID
ibm17148316
Manage My Notification Subscriptions