Ping: How to turn off ICMP ECHO Response on Linux Server

Kernel parameters provide a mechanism to adjust the behaviour of the Linux kernel. The sysctl command can be used to view and set kernel parameters, and ping responses can be disabled simply by changing a kernel parameter value. Let's check the present value of the kernel parameter,

# sysctl net.ipv4.icmp_echo_ignore_all

Most likely it will show 0, which means your system sends and responds to pings normally. Changing the value of the kernel parameter net.ipv4.icmp_echo_ignore_all from 0 to 1 will prevent other hosts from successfully pinging your server, while not affecting your ability to ping other servers in the network.

To change the kernel parameter value,

# sysctl -w net.ipv4.icmp_echo_ignore_all=1

Now even if you try to ping your own network address from your host, it should not work, because by changing the kernel parameter value we told the kernel not to respond to any ICMP ECHO request.

The changes we made are temporary, because the sysctl command only changed the value in the /proc filesystem. If you want the change to persist across reboots, put the entry below at the bottom of the /etc/sysctl.conf file and you are done.

To add the entry in sysctl.conf run,

# echo "net.ipv4.icmp_echo_ignore_all=1" >> /etc/sysctl.conf
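Because the command above appends, running it twice or on a file that already has an entry for the key leaves several assignments, and the last one is what gets applied when the file is loaded. The following is an added example, not part of the original post, that compares the live value with what one sysctl.conf-style file will apply; the function names, the optional alternate sysctl root argument and the sample data are assumptions made for illustration, and only the single file passed in is inspected.

```shell
#!/bin/sh
# Added example: does the running value of a sysctl key match what a
# sysctl.conf-style file will apply when it is loaded?
KEY="net.ipv4.icmp_echo_ignore_all"

# Print the value the file assigns to a key.
# Comment lines (# or ;) are skipped and the last assignment wins.
persisted_value() {   # $1 = config file, $2 = key
    [ -r "$1" ] || return 1
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }' "$1"
}

# Print the live value; dots in the key map to directories under /proc/sys.
runtime_value() {     # $1 = key, $2 = sysctl root (default /proc/sys)
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] || return 1
    cat "$path"
}

# Print "consistent" (exit 0) or "drift ..." (exit 1); exit 2 if unreadable.
check_persistence() { # $1 = config file, $2 = sysctl root (optional)
    run=$(runtime_value "$KEY" "$2") || { echo "unknown"; return 2; }
    cfg=$(persisted_value "$1" "$KEY") || cfg="unset"
    if [ "$run" = "$cfg" ]; then echo "consistent"; return 0; fi
    echo "drift runtime=$run config=$cfg"; return 1
}

# Constructed sample: the runtime value is 1, but the file's last entry is 0.
demo() {
    d=$(mktemp -d); mkdir -p "$d/proc/net/ipv4"
    echo 1 > "$d/proc/net/ipv4/icmp_echo_ignore_all"
    printf '%s\n' '# constructed sample' \
        'net.ipv4.icmp_echo_ignore_all = 1' \
        'net.ipv4.icmp_echo_ignore_all=0' > "$d/sysctl.conf"
    rc=0; check_persistence "$d/sysctl.conf" "$d/proc" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true   # prints: drift runtime=1 config=0
```

On a real host, `check_persistence /etc/sysctl.conf` reads the live value from /proc/sys.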

Any feedback will be highly appreciated.

This post appeared on the softlexicon.com by Sumit Goel. Copyright © 2012 – softlexicon.com and Sumit Goel. All rights reserved. Not to be reproduced for commercial purposes without written permission.

6 comments:

  1. Why am I getting permission denied?

  2. Really, many thanks!!!
    I was using: net.ipv4.conf.... as described on other sites, and I used yours and it works.
    I'm pleased.

  3. Use sudo (denied perm), and enter your password.
    ....
    How can you use the /etc/sysctl.conf file to do the same thing? (responses on ping)

    I know you can reload it without restarting with (prompt) sysctl -p (to force the system to accept), however, where's the value in the conf...?

  4. You can also block ICMP IPv6 traffic using:

    ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j DROP

    Source: http://www.sysadmit.com/2016/03/linux-respuesta-ping-habilitar-o-deshabilitar.html
