How to disable or drop Ping (ICMP) packets to your server? [Linux Basics]

Updated on September 3, 2017

One of our regular reader at Techglimpse, asked me this question. Question: How can i disable ping requests to my linux machine? Well, here’s how you can do that.

Generally, ping request generates Internet Control Message Protocol (ICMP) packets. ICMP is one of the protocol from Internet Protocol suite, which is used by network elements such as routers to send error messages to indicate that the requested service or host is not reachable. So it means disabling the ICMP packets to your machine, should deny the ping requests. Another command that sends ICMP packets is ‘traceroute’ in linux and ‘tracert’ in windows. Denying the ICMP packets will disable ‘traceroute’ to your server as well.

Disable Ping requests

To do that, you have to set a kernel variable as below,

$echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

The above command will set the kernel variable icmp_echo_ignore_all to set ‘1’, which will actually ignore the ICMP packets. To revert it back, set the variable to ‘0’.

$echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

You can also set this variable in /etc/sysctl.conf file.

$vi /etc/sysctl.conf

Add the following line:

net.ipv4.icmp_echo_ignore_all = 1

Once the ICMP packets are denied at your machine, checkout ping and traceroute.

Sample output : tracert

Tracing route to over a maximum of 30 hops
1 3 ms <1 ms <1 ms
 2 <1 ms <1 ms <1 ms
 3 * * * Request timed out.
 4 * * * Request timed out.
 5 * * * Request timed out.
 6 * * * Request timed out.

Note: You might consider to disable ping requests due to security reasons, but sometimes it’s useful to monitor your network reachability.

Also checkout this guide: A Definitive guide to Secure your Web Server – 50 Best Practices

Was this article helpful?

Related Articles

Leave a Comment