Ping is used to check whether a machine is up, connected to the network, and responding on that network.
The basic method is simple: a network packet is sent to the machine, and if the machine is up it answers with a response. If the machine is down or not on the network, the ping gets no answer.
In this article, we will see how to block the PING requests.
The following Linux commands can be used to block ping.
- echo 1 | sudo tee /proc/sys/net/ipv4/icmp_echo_ignore_all
- sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1
- sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
- sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
- sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
What is ICMP?
ICMP is short for Internet Control Message Protocol. It is a network layer protocol used by network devices to diagnose network communication issues.
Ping is one of the most basic network debugging tools. It sends ICMP echo request packets to a host. If the host receives the packet and is configured to answer, it sends an ICMP echo reply packet in return.
Ping is a tool commonly used to find the status of a device on a network. Ping is based on the ICMP protocol. When a ping is sent out as an ICMP echo request to the target device, the target replies with an ICMP echo reply if it is available.
ping sends a test packet, or echo packet, to a device to find out whether it is reachable and how long the packet takes to get there and back. It serves two important purposes:
- testing whether a device is reachable on the network
- measuring the network latency between two devices
Understanding ICMP Type
ICMP type is the first 8 bits in the ICMP message header. It provides a brief explanation of what the message is for so the receiving network device knows why it is getting the message and how to treat it.
For example, a Type 8 Echo is a query a host sends to see if a potential destination system is available. Upon receiving an Echo message, the receiving device might send back an Echo Reply (Type 0), indicating it is available.
Block PING requests via kernel parameters in Linux
The best way to permanently block ping in Linux is to run the following commands.
- Edit /etc/sysctl.conf
- Add the line net.ipv4.icmp_echo_ignore_all=1 to /etc/sysctl.conf
- sudo sysctl -p
net.ipv4.icmp_echo_ignore_all is the parameter that controls whether the system responds to incoming ICMP echo requests. 0 means it responds, while 1 means it does not. Here, 1 means all echo requests are silently ignored. The following two commands only block ping requests temporarily, until the next reboot:
- $ echo 1 | sudo tee /proc/sys/net/ipv4/icmp_echo_ignore_all
- $ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1
To check whether the system currently answers ping requests, read the parameter: cat /proc/sys/net/ipv4/icmp_echo_ignore_all (0 means ping is answered, 1 means it is ignored).
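An added example, not part of the original article: a small POSIX shell audit that reports the runtime value of the parameter, whether it is persisted in a sysctl.conf-style file, and flags the runtime-only case described above, which is lost at reboot. The function names and the two path arguments are my own; the defaults point at the real files.

```shell
#!/bin/sh
# Added example: audit the icmp_echo_ignore_all control at runtime (/proc)
# and in a sysctl.conf-style file, so a block that is only applied at
# runtime (and would vanish on reboot) is reported, not just "blocked".
KEY_RE='net\.ipv4\.icmp_echo_ignore_all'

# Print the persisted value (0 or 1) for the key from a sysctl.conf-style
# file. The last uncommented assignment wins, as sysctl -p applies them in
# order; print "unset" if the key never appears or the file is unreadable.
persisted_value() {
    conf="$1"
    [ -r "$conf" ] || { echo unset; return; }
    val=$(sed -n "s/^[[:space:]]*$KEY_RE[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p" "$conf" | tail -n 1)
    echo "${val:-unset}"
}

# Print the live kernel value from the procfs file, or "unknown" if it
# cannot be read (for example on a non-Linux host).
runtime_value() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        echo unknown
    fi
}

# Combine both readings into one line: runtime=<0|1|unknown>
# persisted=<0|1|unset> status=<summary>. Arguments are the proc path and
# the config path; both are optional and default to the real locations.
audit_ping_block() {
    proc="${1:-/proc/sys/net/ipv4/icmp_echo_ignore_all}"
    conf="${2:-/etc/sysctl.conf}"
    rt=$(runtime_value "$proc")
    pv=$(persisted_value "$conf")
    case "$rt:$pv" in
        1:1) status=blocked-persistent ;;
        1:*) status=blocked-runtime-only ;;   # will be lost at next reboot
        0:1) status=allowed-until-sysctl-p ;; # configured but not yet applied
        0:*) status=allowed ;;
        *)   status=unknown ;;
    esac
    echo "runtime=$rt persisted=$pv status=$status"
}

# Run against the real files when executed directly.
audit_ping_block "$@"
```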
Blocking PING requests with iptables in Linux
iptables is the Linux command-line firewall tool that lets us manage incoming and outgoing traffic based on a set of rules. The following rules are used to disable ping to and from the server.
- # sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
-A: this switch appends the rule to the given chain (here INPUT).
Alternatively, use the rules below to disable ping without sending an error message back to the sender: REJECT answers with an ICMP error, whereas DROP silently discards the packet.
- # sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
- # sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
List the rules added in iptables using the command below: # iptables -L