Ping is used to check whether a machine is up, connected to the network, and reachable on that network.
The basic method is that a network packet is sent to the machine. If the machine is up, it answers with a response. If the machine is down or not on the network, we will not get any answer to the ping.
In this article, we will see how to block the PING requests.
Block PING requests via kernel parameters
net.ipv4.icmp_echo_ignore_all is the kernel parameter that controls whether the system responds to incoming ICMP echo requests. A value of 0 means the system replies, while 1 means no response is sent, so all ping requests are ignored.
$ echo 1 | sudo tee /proc/sys/net/ipv4/icmp_echo_ignore_all
$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1
The two commands above block ping requests only temporarily; the setting is lost at reboot.
To change the kernel parameter permanently, we can use the /etc/sysctl.conf file. To block the requests, add the following line to /etc/sysctl.conf:
net.ipv4.icmp_echo_ignore_all=1
We can run the following command to check whether ping requests are being ignored (1) or answered (0).
# cat /proc/sys/net/ipv4/icmp_echo_ignore_all
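The check above shows only the running value. The following added example (not part of the original article) compares it with the value saved in /etc/sysctl.conf, so a block that will disappear at reboot is easy to spot. The function names and state labels are illustrative, and it assumes only /etc/sysctl.conf is used, as in this article.

```shell
#!/bin/sh
# Added example: report whether ICMP echo blocking is active now and whether
# it is also saved in sysctl.conf. File paths are parameters so the check can
# be run against copies; the defaults are the locations used in the article.

# Print the last value assigned to net.ipv4.icmp_echo_ignore_all in a
# sysctl.conf-style file. Skips comment lines and tolerates spaces around '='.
persisted_value() {
    [ -r "$1" ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == "net.ipv4.icmp_echo_ignore_all" { last = v }
        END { if (last != "") print last }
    ' "$1"
}

# Classify the combination of the runtime value and the saved value.
icmp_echo_state() {
    proc_file="${1:-/proc/sys/net/ipv4/icmp_echo_ignore_all}"
    conf_file="${2:-/etc/sysctl.conf}"
    runtime=$(cat "$proc_file" 2>/dev/null) || runtime=""
    saved=$(persisted_value "$conf_file")
    case "${runtime:-?}/${saved:-unset}" in
        1/1) echo "blocked-persistent" ;;        # ignored now and saved
        1/*) echo "blocked-until-reboot" ;;      # ignored now, not saved
        0/1) echo "answering-pending-reload" ;;  # saved, but not applied yet
        0/*) echo "answering" ;;                 # ping is answered
        *)   echo "unknown" ;;                   # runtime value unreadable
    esac
}

# With no arguments, check the live system.
icmp_echo_state "$@"
```

A result of blocked-until-reboot means the runtime change was made but the line is missing from /etc/sysctl.conf.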
Blocking PING requests with iptables
iptables is the Linux command-line firewall utility, which lets us manage incoming and outgoing traffic based on a set of rules. The following rule rejects incoming ping requests, so the sender receives an error reply.
$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
-A : This switch appends the rule to the end of the chain.
Alternatively, use the rules below to disable ping without returning an error message to the sender.
$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
$ sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
List the rules added in iptables using the below command.
# iptables -L