Linux disable or drop / block ping packets all together

by Posted on

Q. How do I disable or drop all ping packats all together?

A. Generally you can use iptables to block or allow ping requests.

You can setup kernel variable to drop all ping packets. Type the following command at shell prompt:
# echo “1” > /proc/sys/net/ipv4/icmp_echo_ignore_all

This instructs the kernel to simply ignore all ping requests (ICMP type 0 messages). To enable ping request type the command:
echo “0” > /proc/sys/net/ipv4/icmp_echo_ignore_all

You can add following line to /etc/sysctl.conf file:
# vi /etc/sysctl.conf
Append following line:
net.ipv4.icmp_echo_ignore_all = 1

Save and close the file.

Sometimes ping request can be handy for testing your own server. You can disable ICMP type 0 messages in the firewall so that local administrators to continue to use ping command for their own server. Following command block all ICMP packets including ping request:
# iptables -A INPUT -p icmp -j DROP

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Published by SXI ADMIN