How to Block Ping ICMP Requests to Linux Systems

Some system administrators block ICMP messages to their servers in order to hide their Linux boxes from the outside world on rough networks, or to prevent some kinds of IP flooding and denial-of-service attacks.

The simplest method to block the ping command on Linux systems is to add an iptables rule, as shown in the example below. Iptables is part of the Linux kernel's netfilter framework and is usually installed by default in most Linux environments. Note that this rule drops every ICMP message type, not only echo requests.

# iptables -A INPUT --proto icmp -j DROP
# iptables -L -n -v [List Iptables Rules]

Another general method of blocking ICMP messages on your Linux system is to set the kernel variable below, which will drop all ping packets.

# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

In order to make the above setting permanent, append the following line to the /etc/sysctl.conf file and then apply it with the sysctl command.

# echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
# sysctl -p


In Debian-based Linux distributions that ship with the UFW application firewall, you can block ICMP echo requests by adding the following rule to the /etc/ufw/before.rules file, as illustrated in the excerpt below.

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Restart the UFW firewall to apply the rule by issuing the command below.

# ufw disable && ufw enable

In CentOS or Red Hat Enterprise Linux distributions that use the Firewalld interface to manage iptables rules, add the rule below to drop ping messages.

# firewall-cmd --zone=public --add-icmp-block={echo-request,echo-reply,timestamp-reply,timestamp-request} --permanent
# firewall-cmd --reload

In order to test whether the firewall rules have been successfully applied in all the cases discussed above, try to ping your Linux machine's IP address from a remote system. If ICMP messages to your Linux box are blocked, you should get a “Request timed out” or “Destination Host unreachable” message on the remote machine.
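
A local check to complement the remote ping test, as an added example that is not part of the original article: the function classifies a host's ping blocking from `iptables -S INPUT` output and the icmp_echo_ignore_all value, and separates the catch-all iptables rule shown first (which also drops the ICMP errors used for Path MTU Discovery) from a rule limited to echo-request. The function name `audit_icmp` and the sample rule sets are constructed for illustration, and only the INPUT chain is examined.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_icmp RULES IGNORE_ALL
#   RULES      text in `iptables -S INPUT` format
#   IGNORE_ALL contents of /proc/sys/net/ipv4/icmp_echo_ignore_all
# Prints: open | sysctl | echo-only | all-icmp
# Simplification: only protocol, ICMP type and target are inspected;
# source, interface and state matches are ignored.
audit_icmp() {
    rules=$1
    verdict=open
    if [ "$2" = "1" ]; then verdict=sysctl; fi
    while IFS= read -r rule; do
        case $rule in
            "-A INPUT "*"-p icmp "*) ;;          # ICMP rule in INPUT
            *) continue ;;
        esac
        case $rule in
            *"--icmp-type 8 "*|*"--icmp-type 8/"*|*"--icmp-type echo-request "*)
                scope=echo-only ;;
            *"--icmp-type "*) continue ;;        # rule for another ICMP type
            *) scope=all-icmp ;;                 # no type match: every ICMP type
        esac
        case $rule in
            *"-j DROP"*|*"-j REJECT"*) verdict=$scope; break ;;
            *"-j ACCEPT"*) break ;;              # ping accepted before any drop
        esac                                     # other targets: keep scanning
    done <<EOF
$rules
EOF
    echo "$verdict"
}

# Constructed samples in `iptables -S INPUT` format.
SAMPLE_BROAD='-P INPUT ACCEPT
-A INPUT -p icmp -j DROP'
SAMPLE_NARROW='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP'

audit_icmp "$SAMPLE_BROAD" 0     # all-icmp
audit_icmp "$SAMPLE_NARROW" 0    # echo-only
# On a live host, as root:
#   audit_icmp "$(iptables -S INPUT)" "$(cat /proc/sys/net/ipv4/icmp_echo_ignore_all)"
```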

Posted by News Monkey