How to disable or drop Ping (ICMP) packets to your server? [Linux Basics]

Updated on September 3, 2017

One of our regular readers at Techglimpse asked me this question. Question: How can I disable ping requests to my Linux machine? Well, here’s how you can do that.

Generally, a ping request generates Internet Control Message Protocol (ICMP) packets. ICMP is one of the protocols in the Internet Protocol suite; network elements such as routers use it to send error messages indicating that a requested service or host is not reachable. So disabling ICMP packets to your machine should deny ping requests. Another command that sends ICMP packets is ‘traceroute’ on Linux (‘tracert’ on Windows). Denying ICMP packets will disable ‘traceroute’ to your server as well.

Disable Ping requests

To do that, set a kernel variable as root, as shown below:

$ echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

The above command sets the kernel variable icmp_echo_ignore_all to ‘1’, which makes the kernel ignore the ICMP packets. To revert, set the variable back to ‘0’:

$ echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

You can also set this variable in the /etc/sysctl.conf file.

$ vi /etc/sysctl.conf

Add the following line:

net.ipv4.icmp_echo_ignore_all = 1
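The sysctl.conf step above, as an added shell example that is not part of the original article: it sets the line idempotently (no duplicate entries on repeated runs) and reads back the value the file would apply. The function names `effective_value` and `set_ping_ignore` are hypothetical; loading the file with `sysctl -p` afterwards is an assumption about how you apply it.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.
KEY="net.ipv4.icmp_echo_ignore_all"

# effective_value FILE: print the value FILE would apply for KEY.
# Lines are applied in order, so the last uncommented one wins.
effective_value() {
    awk -F= -v key="$KEY" '
        /^[ \t]*[#;]/ { next }                  # "#" and ";" start comments
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/[ \t]/, "", v); val = v }
        }
        END { if (val != "") print val }
    ' "$1"
}

# set_ping_ignore FILE VALUE: make FILE carry exactly one active KEY line
# set to VALUE (0 or 1). Comments and other keys are left untouched.
set_ping_ignore() {
    file=$1
    value=$2
    case $value in
        0|1) ;;
        *) echo "value must be 0 or 1" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -F= -v key="$KEY" -v value="$value" '
        /^[ \t]*[#;]/ { print; next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {                     # rewrite first, drop repeats
                if (!done) print key " = " value
                done = 1
                next
            }
            print
        }
        END { if (!done) print key " = " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"  # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use, as root:
#   set_ping_ignore /etc/sysctl.conf 1 && sysctl -p
#   cat /proc/sys/net/ipv4/icmp_echo_ignore_all    # running value
```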

Once ICMP packets are denied at your machine, check ping and traceroute.

Sample output : tracert

>tracert 192.168.1.5
Tracing route to 192.168.1.5 over a maximum of 30 hops
 1 3 ms <1 ms <1 ms 192.168.1.5
 2 <1 ms <1 ms <1 ms 192.168.1.1
 3 * * * Request timed out.
 4 * * * Request timed out.
 5 * * * Request timed out.
 6 * * * Request timed out.

Note: You might consider disabling ping requests for security reasons, but ping is sometimes useful for monitoring your network reachability.

Also check out this guide: A Definitive guide to Secure your Web Server – 50 Best Practices
