# sysctl net.ipv4.icmp_echo_ignore_all
Most likely it will show zero which means your system will request and respond normally to pings. So now by changing the value of kernel parameter net.ipv4.icmp_echo_ignore_all to 1 from 0 will prevent other hosts from successfully pinging your server while not affecting your ability to ping other servers in the network.
To change the kernel parameter value,
# sysctl -w net.ipv4.icmp_echo_ignore_all=1
So now even if you try to ping your own network address from your host it should not work because by changing the kernel parameter value we told kernel to not respond any ICMP ECHO request.
The changes we made are temporary because sysctl command actually made the changes in /proc filesystem so if you want the changes to persist across reboots you need to put the below entry in /etc/sysctl.conf file at the bottom and you are done.
To add the entry in sysctl.conf run,
# echo "net.ipv4.icmp_echo_ignore_all=1" >> /etc/sysctl.conf
Any feedback will be highly appreciated.
Suggested Posts,
- Character Encoding: Convert from UTF-8 to ISO-8859-1
- udev: renamed network interface eth0 to eth1
- vCenter Server 5: Important Installation Tip
- Change Login Shell of Linux User
This post appeared on the softlexicon.com by Sumit Goel. Copyright © 2012 – softlexicon.com and Sumit Goel. All rights reserved. Not to be reproduced for commercial purposes without written permission.
Thank you for your help.
ReplyDeleteThank you for the feedback Danuel!
Deletewhy i am getting permission denied?
ReplyDeleteReally many thanks !!!
ReplyDeleteI was using : net.ipv4.conf.... as described in others site and i used yours and it works,
i'm pleased
use sudo. (denied perm), and enter your password.
ReplyDelete....
How can you use the /etc/sysctl.conf file to do the same thing? (responses on ping)
i know you can reload it without restarting with (promp) sysctl -p (to force the system to accept) however- where's the value in the conf... ?
You can also block ICMP IPv6 traffic using:
ReplyDeleteiptables -A INPUT -p icmpv6 --icmp-type echo-request -j DROP
Source: http://www.sysadmit.com/2016/03/linux-respuesta-ping-habilitar-o-deshabilitar.html