How to disable ping command (ICMP echo)

Ping is a utility used to check whether a host is reachable. It sends ICMP echo request packets to the target host. According to Wikipedia:

Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software.

ping @ wikipedia.org

Many times, users will ping a server to check if it is online. We will present two methods of blocking such requests.


A. Disable ping via /etc/sysctl.conf

1. Edit the /etc/sysctl.conf file and add the following lines:

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1

2. Update the settings with:

sysctl -p

Explanations for the above options, from the ip-sysctl documentation:

icmp_echo_ignore_broadcasts - BOOLEAN
	If set non-zero, then the kernel will ignore all ICMP ECHO and
	TIMESTAMP requests sent to it via broadcast/multicast.
	Default: 1

icmp_echo_ignore_all - BOOLEAN
	If set non-zero, then the kernel will ignore all ICMP ECHO
	requests sent to it.
	Default: 0
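
To confirm that step 2 was actually run and that the setting will survive a reboot, the following added example (not part of the original page) compares the value persisted in a sysctl.conf-style file with the live value under /proc/sys. The function names and status words are illustrative assumptions, and it inspects only the file it is given, not /etc/sysctl.d/.

```shell
#!/bin/sh
# Added example: audit that an ICMP echo setting is both persisted and live.
# Paths are parameters so the check can also be run against copies of the files.

# Print the effective value of KEY in a sysctl.conf-style FILE (last assignment wins).
conf_value() {
    key=$1 file=$2
    [ -r "$file" ] || return 1
    awk -v k="$key" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            n = index($0, "=")
            if (n == 0) next
            name = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)   # trim whitespace around the key
            gsub(/^[ \t]+|[ \t]+$/, "", val)    # trim whitespace around the value
            if (name == k) { found = 1; last = val }
        }
        END { if (found) print last; else exit 1 }
    ' "$file"
}

# Print the running value of KEY, read from ROOT (default /proc/sys).
live_value() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && cat "$path"
}

# The kernel treats any non-zero value as "enabled".
is_on() { [ -n "$1" ] && [ "$1" != 0 ]; }

# Echo: ok | not-applied (in file, not live) | live-only (live, not in file) | unset
audit_key() {
    want=$(conf_value "$1" "$2") || want=
    have=$(live_value "$1" "${3:-/proc/sys}") || have=
    if is_on "$want" && is_on "$have"; then echo ok
    elif is_on "$want"; then echo not-applied   # file edited, sysctl -p not run
    elif is_on "$have"; then echo live-only     # kernel default or set by hand
    else echo unset
    fi
}

# Audit the real system only when called with --audit (keys and path from the page).
if [ "${1:-}" = "--audit" ]; then
    for k in net.ipv4.icmp_echo_ignore_all net.ipv4.icmp_echo_ignore_broadcasts; do
        printf '%s: %s\n' "$k" "$(audit_key "$k" /etc/sysctl.conf)"
    done
fi
```

A result of not-applied means the file was edited but sysctl -p has not been run; live-only for icmp_echo_ignore_broadcasts is expected on an untouched system because its default is 1.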

B. Disable ping via csf (ConfigServer Security & Firewall)

csf is a very well-known firewall installed on many servers. You can disable/block ICMP responses with it. Edit the csf configuration file:

/etc/csf/csf.conf

and set the ICMP_IN option to "0":

# Allow incoming PING
ICMP_IN = "0"

Restart csf and lfd with:

service lfd restart
service csf restart
