Linux defaults to allow ping responses, which means that ping is on, but ping may be the start of a network attack, so turning off ping can improve the server’s security factor. Whether the system allows ping is determined by two factors: 1. Kernel parameters, 2. Firewall. Two factors are required to allow ping at the same time. If any of them is forbidden, ping cannot be opened. The specific configuration method is as follows:

1, the kernel parameter settings

Allow/disable ping settings (permit ping by default)

The command to temporarily enable/disable ping is to modify the contents of the /proc/sys/net/ipv4/icmp_echo_ignore_all file. The contents of the file are only 1 character. 0 is for ping, 1 is forbidden, and there is no need to restart the server.

Permanently allow/disable ping configuration method:

Modify the file /etc/sysctl.conf and add a line at the end of the file:

Net.ipv4.icmp_echo_ignore_all = 1

If you already have the net.ipv4.icmp_echo_ignore_all line, you can directly change the value after the = sign to allow 0 and 1 to disable.

Execute sysctl -p after modification to make the new configuration take effect (important).

2, firewall settings (the premise of the method here is the kernel configuration is the default value, that is not prohibited ping)

Here takes the iptables firewall as an example. For other firewall operation methods, refer to the official firewall documentation.

Allow ping settings

Iptables -A INPUT -p icmp –icmp-type echo-request -j ACCEPT

Iptables -A OUTPUT -p icmp –icmp-type echo-reply -j ACCEPT

Or you can temporarily stop the firewall:

Service iptables stop

Prohibit ping setting

Iptables -A INPUT -p icmp –icmp-type 8 -s 0/0 -j DROP

Leave a comment

Your email address will not be published. Required fields are marked *

Blue Captcha Image


Protected by WP Anti Spam

Hit Counter provided by dental implants orange county