How to disable PING response in Linux

In some server hardening situations we may need to disable the PING response. It can be done as follows.

Edit /etc/sysctl.conf

sysctl is used to modify kernel parameters at runtime. To change the ping response parameter, add or edit the following line in the /etc/sysctl.conf config file:

net.ipv4.icmp_echo_ignore_all=1

Then:

sysctl -p

To turn off ping echo for IPv6 at the same time, add net.ipv6.icmp.echo_ignore_all=1 as well.

Or execute as root:

# sysctl -a | grep -i icmp
net.netfilter.nf_conntrack_icmp_timeout = 30
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
-----------------
-----------------

Setting net.ipv4.icmp_echo_ignore_all = 1 turns off ping:

# sysctl -w net.ipv4.icmp_echo_ignore_all=1
# sysctl -p

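sysctl -p loads sysctl settings from the file specified or, by default, from /etc/sysctl.conf. A value set only with sysctl -w is lost at reboot, and sysctl -p replaces it with whatever the file contains for that key.

Now try to ping your system from another system. It will not work. To enable it again: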

# sysctl -w net.ipv4.icmp_echo_ignore_all=0

To turn off ping echo for IPv6 at the same time:

# sysctl -w net.ipv6.icmp.echo_ignore_all=1

Using iptables:

iptables -I INPUT -p icmp --icmp-type echo-request -j DROP

The rule can be saved using /etc/init.d/iptables save

With crontab:

Run crontab -e as root, then add the following line:

@reboot echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

and the same for IPv6:

@reboot echo "1" > /proc/sys/net/ipv6/icmp/echo_ignore_all
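
To confirm that the setting is both active now and will survive a reboot, the following added example (not part of the original post) compares the live value under /proc/sys with the value /etc/sysctl.conf would load. The function names and the optional proc-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: helper names and the optional PROCROOT argument are hypothetical.

# conf_value KEY FILE
# Print the value KEY ends up with when FILE is loaded by `sysctl -p`:
# comment lines (# or ;) are skipped and the last assignment wins.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ || !/=/ { next }
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# runtime_value KEY [PROCROOT]
# Read the live kernel value; net.ipv4.x maps to /proc/sys/net/ipv4/x.
runtime_value() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && cat "$path"
}

# check_key KEY FILE [PROCROOT]
# Returns 0 only when the key is 1 both at runtime and in FILE.
check_key() {
    live=$(runtime_value "$1" "$3") || live=missing
    conf=$(conf_value "$1" "$2" 2>/dev/null) || conf=
    conf=${conf:-unset}
    if [ "$live" = 1 ] && [ "$conf" = 1 ]; then
        echo "OK $1"; return 0
    elif [ "$live" = 1 ]; then
        echo "NOT-PERSISTENT $1 (runtime=1, file=$conf)"
    else
        echo "PING-ANSWERED $1 (runtime=$live, file=$conf)"
    fi
    return 1
}

# Usage on a real host:
#   check_key net.ipv4.icmp_echo_ignore_all /etc/sysctl.conf
#   check_key net.ipv6.icmp.echo_ignore_all /etc/sysctl.conf
```

NOT-PERSISTENT is the state left by sysctl -w alone: ping is ignored now, but the file does not set the key to 1, so the next reboot or sysctl -p will not keep it.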
