How to Stop a Continuous Ping on Cambium Radio

The Cambium equipment comes with a nice little ping utility when you SSH to it. Very simple to use. Maybe we should say too simple.

usage: ping <host>
       ping -n <count> <host>
                count = 0 for continuous ping

So if I want to continuously ping a website, say incredigeek.com, I can put in the following

ping -n 0 incredigeek.com

Hit return and we are off to the races. But wait. I can’t get it to stop. Ctrl + C, doesn’t do anything, Ctrl + D or Ctrl +Z don’t help either.

Okay well fine. We’ll launch another terminal and ssh into it again and see what we can do. Excellent, now we are in aaand… wait… why are the ping results showing up here too? Help!!!

Buried in the heart of the helpful help command are these lines.

       ping -- Send ICMP ECHO_REQUEST packets to network hosts
    pingend -- End ICMP ECHO_REQUEST packets to network hosts

You don’t say. Well lets try typing in pingend with all the commotion going on in the terminal.

SSH+> pingend
Ping statistics for 142.250.191.206:
        Packets: Sent = 3, Received = 3, Lost = 0 (0% loss)

Well good to know. Saves having to reboot the device.

Enable Logging for firewalld

Enabling logging on firewall rules can be beneficial for tracking why a certain rule is not behaving as you intended.

Enabling logging is relatively straight forward.

  • Enable Firewall Logging
  • Check Logs
  • Disable Firewall Logging (Optional)

Enable Firewall Logging

Quickest way to enable logging is to run

sudo firewall-cmd --set-log-denied=all

This changes the options in the /etc/firewalld/firewalld.conf config file. Options include all, unicast, broadcast, multicast, and off

Enable Log option for firewalld

The command also reloads the firewall so manually restarting the firewall is necessary.

Checking Logs

You can use dmesg to view the failed attempts or you can follow the messages log and filter to just show the rejects

sudo tail -f /var/log/messages | grep -i REJECT

You can now try to access the server or run a test to trigger a log event. In my case I tried initiating a SSH connection.

Oct  1 16:32:10 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43080 DF PROTO=TCP SPT=38192 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0

Interesting bits are bolded. Our destination port it 22 “ssh” and our source address is 192.168.1.1. If I want this IP to access the server, I’ll need to add the 192.168.1.1 IP range in the allowed IP ranges.

Disable Logging (Optional)

After you have finished troubleshooting your problem, you may want to turn the logging feature off so you don’t fill up the logs with failed entries.

You can turn it off with

sudo firewall-cmd --set-log-denied=off

We can verify that logging is off by running

sudo firewall-cmd --get-log-denied 

If the firewall logging option is off it will return “off”

The following site has some more information and alternative ways

https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/