How to disable Ping on Linux (server and firewall)


A Linux server administrator can prevent other users from pinging the server while making sure the server itself can still ping other servers. This article describes the methods for disabling Ping on Linux.

First, log in to the server terminal and execute: echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

In this way, Ping can be banned. If you want to restore Ping, you can execute the command:

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all


Disabling Ping the firewall way

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

After this, the server can no longer be pinged.

Change its value to 1 and Ping is forbidden.

Change its value to 0 to lift the Ping ban.

In fact, iptables is the easiest:

iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP

iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -j ACCEPT

iptables -A OUTPUT -p icmp --icmp-type 0 -j DROP

iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT

How do you keep others from pinging your server while still being able to ping others yourself? The problem is actually very simple. Use the following script:

#!/bin/bash
# Flush existing rules and user chains, then default-deny in every chain
iptables -F
iptables -F -t nat
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Inbound: loopback, traffic of existing connections, HTTP/SSH, echo replies (type 0)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
# Outbound: loopback, traffic of existing connections, HTTP/SSH, echo requests (type 8)
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports 80,22 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
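To check that a ruleset like the script above really blocks inbound echo requests while allowing outbound ones, the following added example (not part of the original article) walks `iptables -S` output with first-match semantics and falls back to the chain policy. `SAMPLE_RULES` and `icmp_verdict` are hypothetical names, the sample listing is constructed from the script's rules, and the helper assumes numeric ICMP types and a new packet on a non-loopback interface.

```shell
#!/bin/sh
# Constructed sample: the rules of the script as `iptables -S` would list them.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --sports 80,22 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT'

# icmp_verdict CHAIN TYPE (hypothetical helper): reads `iptables -S` output on
# stdin and prints the verdict for a NEW ICMP packet of TYPE arriving on a
# non-loopback interface. Source/destination address matches are ignored.
icmp_verdict() {
    awk -v chain="$1" -v type="$2" '
        $1 == "-P" && $2 == chain { policy = $3 }
        $1 == "-A" && $2 == chain && verdict == "" {
            proto = ""; t = ""; target = ""; skip = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--icmp-type") t = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                # loopback-only rules never see this packet
                else if (($i == "-i" || $i == "-o") && $(i + 1) == "lo") skip = 1
                # state rules without NEW do not match an unsolicited packet
                else if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) skip = 1
            }
            if (skip) next
            if (proto != "" && proto != "icmp") next
            if (t != "" && t != type) next
            # only terminating targets end the walk; first match wins
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }
    '
}

# Stand-alone run: print the four verdicts for the sample ruleset.
for c in INPUT OUTPUT; do
    for t in 8 0; do
        printf '%s icmp-type %s: %s\n' "$c" "$t" \
            "$(printf '%s\n' "$SAMPLE_RULES" | icmp_verdict "$c" "$t")"
    done
done
```

On a live host the same check is `iptables -S | icmp_verdict INPUT 8`, run as root.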

iptables applications: forbidding Ping and preventing outbound DDoS traffic

This article covers two basic practical applications: forbidding Ping (IPv4) and forbidding outbound UDP, that is, preventing hackers from using the server to send DDoS attacks.

I. Forbid Ping without iptables

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all   # on

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all   # off

II. Use an iptables rule to forbid Ping

iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP

III. Use iptables rules to stop the server from sending packets outward, to prevent DDoS attacks

iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT   # allow the UDP service IP

iptables -A OUTPUT -p udp -j DROP   # disable UDP service

Port 53 and 8.8.8.8 above are required for the DNS service. If you do not know the DNS settings of this machine, you can execute the following command to get the IP:


