Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software. (ping @ wikipedia.org)
Many times, users will ping a server to check if it is online. We will present two methods of blocking such requests.
A. Disable ping via /etc/sysctl.conf
1. Edit the /etc/sysctl.conf file and add the following lines:
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1
2. Update the settings with:
Explanations for the above options from the ip-sysctl documentation:
icmp_echo_ignore_broadcasts - BOOLEAN
    If set non-zero, then the kernel will ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast.
    Default: 1
icmp_echo_ignore_all - BOOLEAN
    If set non-zero, then the kernel will ignore all ICMP ECHO requests sent to it.
    Default: 0
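A check for the two settings above, as an added example that is not part of the original page: the shell functions below read a sysctl.conf-style file, print the value each key ends up with next to the running kernel's value under /proc/sys, and fail unless both are 1. The function names are assumptions made for this example; a line that carries two assignments run together is reported as not set to 1.

```shell
#!/bin/sh
# Added example (not from the original page): audit a sysctl.conf-style
# file for the two ICMP echo settings. Function names are hypothetical.

# Print the value KEY ends up with in FILE (the last assignment wins);
# print nothing if KEY is never assigned.
conf_value() {
    # $1 = key, $2 = file
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            eq = index($0, "=")             # split on the first "="
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)  # trim surrounding blanks
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$2"
}

# Return 0 if both keys are set to exactly 1 in FILE, 1 otherwise.
# For each key, also show the running kernel value when /proc is readable.
audit_icmp_conf() {
    rc=0
    for key in net.ipv4.icmp_echo_ignore_broadcasts net.ipv4.icmp_echo_ignore_all; do
        val=$(conf_value "$key" "$1")
        proc="/proc/sys/$(printf '%s' "$key" | tr . /)"
        live="n/a"
        [ -r "$proc" ] && live=$(cat "$proc")
        printf '%s: file=%s running=%s\n' "$key" "${val:-unset}" "$live"
        [ "$val" = "1" ] || rc=1
    done
    return $rc
}

# Usage: audit_icmp_conf /etc/sysctl.conf
```

A "file=1 running=0" line means the file has been edited but the running kernel has not picked the value up yet.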
B. Disable ping via csf (ConfigServer Security & Firewall)
csf is a very well-known firewall installed on many servers. You can disable/block ICMP responses with it. Edit the csf configuration file:
and update the ICMP_IN option to "0":
# Allow incoming PING
ICMP_IN = "0"
Restart csf and lfd with:
service lfd restart
service csf restart