From e2f5fbb115e65521fdc5a2d34b11814668e91fca Mon Sep 17 00:00:00 2001
From: TommyTran732
Date: Sun, 26 Sep 2021 00:39:35 -0400
Subject: [PATCH] Blocking ICMP the better way
---
 install.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/install.sh b/install.sh
index 3aa42a3..f6edead 100644
--- a/install.sh
+++ b/install.sh
@@ -895,8 +895,13 @@ block_icmp(){
 output "[2] No."
 read icmp
 case $icmp in
- 1 ) /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP
- (crontab -l ; echo "@reboot /sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP >> /dev/null 2>&1")| crontab -
+ 1 ) if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ sed -i '/ufw-before-input.*icmp/s/ACCEPT/DROP/g' /etc/ufw/before.rules
+ sudo ufw reload
+ elif [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ]; then
+ firewall-cmd --permanent --add-icmp-block-inversion
+ firewall-cmd --reload
+ fi
 ;;
 2 ) output "Skipping rule..."
 ;;
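Review bot: Choosing option 1 can now leave ICMP unblocked without any message, because the new `if`/`elif` in the `1 )` arm has no `else` and none of the `sed -i`, `ufw reload` or `firewall-cmd` calls has its exit status checked; the removed iptables rule was applied regardless of `$lsb_dist`. I would add `else output "Unsupported distribution: ICMP rule not applied."` before the `fi`, and report failures, e.g. `sudo ufw reload || output "ufw reload failed: ICMP rule not active."`. The two branches also differ in scope: the `sed` edits only `/etc/ufw/before.rules`, leaving `before6.rules` (ICMPv6) untouched, while `--add-icmp-block-inversion` with no ICMP types listed blocks every type in the zone, which on firewalld presumably covers ICMPv6 as well, so IPv6 reachability should be confirmed after the reload. `sudo ufw reload` sits next to a `sed -i` on a root-owned file that runs without `sudo`; if the script already runs as root the `sudo` can be dropped, otherwise the `sed` fails and the reload still runs. The body of `block_icmp` starts and ends outside the hunk.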