This article is about how to block ping requests to Linux Server. We will also describe how to unblock the ping requests in case you need to use ping for system administration and troubleshooting.
Prerequisites
- Ubuntu 20.04 LTS
- User with sudo privileges
Note: The commands discussed here have been tested on Ubuntu 20.04 LTS.
Block/unblock ping requests to Linux Server
Ping works by sending an ICMP packet (Echo request) to the destination system and then receives a response ICMP packet (Echo reply). In Linux, the ping command continues sending ICMP packets until you stop it using Ctrl+C.
In order to block ping requests, you will need to ignore/block the ICMP echo requests that are sent to your server. There are following two ways through which you can block/unblock ICMP echo requests to the Linux server.
- Through Kernel parameters
- Through iptables
Let’s get started.
Block/unblock ping requests through kernel parameters
Through kernel parameters, you can block ping requests either temporarily or permanently. Kernel parameters can be modified through sysctl command, /sys/proc directory, and /etc/sysctl.conf file.
Temporary block/unblock ping requests
The sysctl command in Linux is used to read and write kernel parameters in the /proc/sys directory. Using this command, we can set up kernel parameters to block/unblock ping requests. The kernel parameter net.ipv4.icmp_echo_ignore_all controls whether the system should respond to the ICMP echo request. The default value of it is ‘0’ which means to respond to the ICMP request.
Block Ping Request
In order to block ping request, issue the following command in Terminal:
This command sets the kernel parameter to ‘1’ which means to ignore all the ICMP requests.
Now all the ping requests to your system will be blocked and the sender will receive no response as shown in the below screenshot.
Unblock Ping Request
To unblock the ping requests, again run the same command by changing the parameter value to default ‘0’.
Alternatively, you can block the ping requests by changing the kernel parameter value in the /proc/sys directory using the echo command. However, to use this method, you will need to run the command as root.
In order to block ping request, first switch to root account using the following command in Terminal:
When prompted for the password, enter the password for root.
Then issue the following command in Terminal:
To unblock the ping requests, the command would be:
Permanently block ping requests
Kernel parameters can also be modified through the /etc/sysctl.conf file. This file will allow you to permanently block ping requests to your server.
Block Ping Request
In order to block ping request to your system, edit /etc/sysctl.conf file:
Then append the following line in the file:
Save and close the file.
Then issue the following command in Terminal to apply this configuration without reboot:
Unblock Ping Request
To unblock ping requests, edit the /etc/sysctl.conf file:
Then modify the value of net.ipv4.icmp_echo_ignore_all to ‘0’:
Save and close the file.
Then issue the following command in Terminal to apply this configuration without reboot:
Block/unblock ping requests Using iptables
Iptables is a firewall utility in Linux that controls incoming and outgoing traffic based on certain rules. It comes preinstalled in the Ubuntu system. In case, it is missing from the system, you can install it using the following command in Terminal:
Block Ping Request
To block ping requests to your system, type following command in Terminal:
Where the A flag is used to add a rule in iptables and icmp-type 8 is the ICMP type number used for echo request.
The above command will add a rule in the firewall that will block any incoming ping requests to your system. By adding this rule, anyone sending the ping request to your system will see the “Destination Port Unreachable” message as shown in the below screenshot.
If you do not want this message to appear, use the following command replacing REJECT with DROP:
Now anyone sending the ping request to your system will see the following similar output:
Unblock Ping Request
In order to unblock ping requests to your server, type the following command in Terminal:
Where the D flag is used to delete a rule in iptables and icmp-type 8 is the ICMP type number used for an echo request.
In order to make these rules persistent after a system reboot, you will need iptables-persistent package. Issue the below command in Terminal to install iptables-persistent:
You will be asked to confirm whether you want to proceed with the installation or not. Hit y to proceed, after which the system will start the installation and once completed, it will be ready to use.
After adding or deleting any rule, issue the following commands in Terminal to make them survive the system reboot.
$ sudo netfilter-persistent reload
In order to view all the rules added to your iptables, issue the following command in Terminal:
That is all there is to it! In this article, we have discussed how to block/unblock ping requests to Linux Server either through the kernel parameters or through iptables utility. Hope this helps!
from Linux Hint https://ift.tt/3bFT1IC
0 Comments