Linux disable or drop / block ping packets all together

You can setup kernel variable to drop all ping packets. Type the following command at shell prompt:
# echo “1” > /proc/sys/net/ipv4/icmp_echo_ignore_all

This instructs the kernel to simply ignore all ping requests (ICMP type 0 messages). To enable ping request type the command:
echo “0” > /proc/sys/net/ipv4/icmp_echo_ignore_all

You can add following line to /etc/sysctl.conf file:
# vi /etc/sysctl.conf
Append following line:
net.ipv4.icmp_echo_ignore_all = 1

Save and close the file.

Sometimes ping request can be handy for testing your own server. You can disable ICMP type 0 messages in the firewall so that local administrators to continue to use ping command for their own server. Following command block all ICMP packets including ping request:
# iptables -A INPUT -p icmp -j DROP

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s