Setting method for Linux to prohibit or allow Ping

Time:2022-1-15

Linux allows Ping response by default. Whether the system allows Ping is determined by two factors:

1、 Kernel parameters
2、 Firewall

Ping can only be allowed if two factors are allowed at the same time. Ping cannot be allowed if any of the two factors is forbidden.

The specific configuration method is as follows:

1、 Kernel parameter settings

1. Allow Ping settings

A. The commands that allow the Ping operation temporarily are: #echo 0 > / proc / sys / net / IPv4 / ICMP_ echo_ ignore_ all
B. The Ping configuration method is permanently allowed.

/etc/sysctl. Add a line to conf

net.ipv4.icmp_echo_ignore_all=1

If you already have net ipv4. icmp_ echo_ ignore_ All, just modify the value after the = sign (0 means allowed, 1 means prohibited).

After modification, execute sysctl – P to make the new configuration take effect.

2. Disable Ping setting

A. The command to temporarily prohibit Ping is:

#echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

B. The Ping configuration method is permanently allowed.

/etc/sysctl. Add a line to conf

net.ipv4.icmp_echo_ignore_all=0

If you already have net ipv4. icmp_ echo_ ignore_ All, just modify the value after the = sign. (0 means allowed, 1 means prohibited)

After modification, execute sysctl – P to make the new configuration take effect.

2、 Firewall settings

Note: the premise of the method here is that the kernel configuration is the default value, that is, Ping is not prohibited)
Here, iptables firewall is taken as an example. For other firewall operation methods, please refer to the official document of firewall.

1. Allow Ping settings

iptables -A INPUT -p icmp –icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp –icmp-type echo-reply -j ACCEPT

Or you can temporarily stop the firewall operation.

service iptables stop

2. Disable Ping setting

iptables -A INPUT -p icmp –icmp-type 8 -s 0/0 -j DROP

This is the end of this article about how to prohibit Ping or allow Ping in Linux. For more information about prohibiting Ping in Linux, please search the previous articles of developeppaer or continue to browse the relevant articles below. I hope you will support developeppaer in the future!