Problem
AppArmor provides a way to block network traffic using network rules such as:
deny network udp
deny network tcp
deny network icmp
udp and tcp work fine, but icmp does not work.
Additionally for icmp I tried (in vain):
deny network inet icmp
deny network dgram icmp [apparmor_parser reports error for this rule]
deny network raw
deny network packet
However, if I try deny network udp or deny network dgram, it blocks both icmp and udp.
When I checked the socket calls from the ping utility, I found the following (using strace ping -c1 8.8.8.8):
...
socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP) = 3
socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6) = 4
...
Expectation
What AppArmor rule can be used to block ICMP traffic?
Settings
- AppArmor version: 3.0.4
- Distro: Ubuntu 22.04
- Util emitting ICMP traffic: ping
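As an added diagnostic (not part of the question above and not an AppArmor tool), here is a small probe that opens each socket tuple ping and its neighbours use and reports which ones the active profile refuses. The label names (inet dgram icmp, ...) and the idea of running it under the profile with aa-exec are assumptions about the setup; the tuples themselves come from the strace output above plus the udp/tcp/raw variants the rules in the question target.

```python
import errno
import socket

# Socket tuples to probe. (AF_INET, SOCK_DGRAM, IPPROTO_ICMP) is what ping
# opened in the strace above; the others are included so the verdicts show
# whether a deny rule is keyed on the socket type (dgram/raw/stream) or on
# the protocol (icmp/udp/tcp).
CANDIDATES = {
    "inet dgram icmp":    (socket.AF_INET,  socket.SOCK_DGRAM,  socket.IPPROTO_ICMP),
    "inet dgram udp":     (socket.AF_INET,  socket.SOCK_DGRAM,  socket.IPPROTO_UDP),
    "inet raw icmp":      (socket.AF_INET,  socket.SOCK_RAW,    socket.IPPROTO_ICMP),
    "inet stream tcp":    (socket.AF_INET,  socket.SOCK_STREAM, socket.IPPROTO_TCP),
    "inet6 dgram icmpv6": (socket.AF_INET6, socket.SOCK_DGRAM,  socket.IPPROTO_ICMPV6),
}


def classify(exc):
    """Map the OSError raised by socket() to a short verdict."""
    if exc.errno in (errno.EACCES, errno.EPERM):
        # AppArmor deny rules and missing capabilities (raw sockets as a
        # normal user) both surface here; check the audit log to tell them apart.
        return "denied"
    if exc.errno == errno.EPROTONOSUPPORT:
        return "unsupported"
    return "error(%s)" % errno.errorcode.get(exc.errno, exc.errno)


def probe(candidates=CANDIDATES, open_socket=socket.socket):
    """Try to open each candidate socket; return {label: verdict}.

    open_socket is injectable so the classification can be exercised
    without a confining profile on the test machine.
    """
    results = {}
    for label, (family, stype, proto) in candidates.items():
        try:
            sock = open_socket(family, stype, proto)
        except OSError as exc:
            results[label] = classify(exc)
        else:
            sock.close()
            results[label] = "allowed"
    return results


if __name__ == "__main__":
    for label, verdict in probe().items():
        print("%-20s %s" % (label, verdict))
```

Run it once unconfined and once under the profile being edited (for example aa-exec -p <profile> python3 probe.py), then diff the two verdict lists against the deny rule you added; a rule that flips "inet dgram udp" as well as "inet dgram icmp" is keyed on the socket type, not the protocol.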