- \n
- Ubuntu 20.04 LTS<\/li>\n
- User with sudo privileges<\/li>\n<\/ul>\n
Note:<\/strong> The commands discussed here have been tested on Ubuntu 20.04 LTS.<\/p>\n
Block\/unblock ping requests to Linux Server<\/h2>\n
Ping works by sending an ICMP packet (Echo request) to the destination system and then receives a response ICMP packet (Echo reply). In Linux, the ping command continues sending ICMP packets until you stop it using Ctrl+C.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-98.png\")
<\/p>\nIn order to block ping requests, you will need to ignore\/block the ICMP echo requests that are sent to your server. There are following two ways through which you can block\/unblock ICMP echo requests to the Linux server.<\/p>\n
- \n
- Through Kernel parameters<\/li>\n
- Through iptables<\/li>\n<\/ul>\n
Let\u2019s get started.<\/p>\n
Block\/unblock ping requests through kernel parameters<\/h3>\n
Through kernel parameters, you can block ping requests either temporarily or permanently. Kernel parameters can be modified through sysctl<\/strong> command, \/sys\/proc<\/strong> directory, and \/etc\/sysctl.conf file.<\/strong><\/p>\n
Temporary block\/unblock ping requests<\/h4>\n
The sysctl command in Linux is used to read and write kernel parameters in the \/proc\/sys<\/strong> directory. Using this command, we can set up kernel parameters to block\/unblock ping requests. The kernel parameter net.ipv4.icmp_echo_ignore_all <\/strong>controls whether the system should respond to the ICMP echo request. The default value of it is \u20180\u2019<\/strong> which means to respond to the ICMP request.<\/p>\n
Block Ping Request<\/h5>\n
In order to block ping request, issue the following command in Terminal:<\/p>\n
$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1<\/pre>\n
This command sets the kernel parameter to ‘1’ which means to ignore all the ICMP requests.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-99.png\")
<\/h5>\nNow all the ping requests to your system will be blocked and the sender will receive no response as shown in the below screenshot.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-100.png\")
<\/h5>\nUnblock Ping Request<\/h5>\n
To unblock the ping requests, again run the same command by changing the parameter value to default \u20180\u2019.<\/p>\n
$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-101.png\")
<\/p>\nAlternatively, you can block the ping requests by changing the kernel parameter value in the \/proc\/sys<\/strong> directory using the echo command. However, to use this method, you will need to run the command as root.<\/p>\n
In order to block ping request, first switch to root account using the following command in Terminal:<\/p>\n
$ su root<\/pre>\n
When prompted for the password, enter the password for root.<\/p>\n
Then issue the following command in Terminal:<\/p>\n
$ echo 1 > \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-102.png\")
<\/p>\nTo unblock the ping requests, the command would be:<\/p>\n
$ echo 0 > \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all<\/pre>\n
Permanently block ping requests<\/h2>\n
Kernel parameters can also be modified through the \/etc\/sysctl.conf<\/strong> file. This file will allow you to permanently block ping requests to your server.<\/p>\n
Block Ping Request<\/h5>\n
In order to block ping request to your system, edit \/etc\/sysctl.conf<\/strong> file:<\/p>\n
$ sudo nano \/etc\/sysctl.conf<\/pre>\n
Then append the following line in the file:<\/p>\n
net.ipv4.icmp_echo_ignore_all = 1<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-103.png\")
<\/p>\nSave and close the file.<\/p>\n
Then issue the following command in Terminal to apply this configuration without reboot:<\/p>\n
$ sysctl -p<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-104.png\")
<\/p>\nUnblock Ping Request<\/h5>\n
To unblock ping requests, edit the \/etc\/sysctl.conf<\/strong> file:<\/p>\n
$ sudo nano \/etc\/sysctl.conf<\/pre>\n
Then modify the value of net.ipv4.icmp_echo_ignore_all<\/strong> to \u20180\u2019<\/strong>:<\/p>\n
net.ipv4.icmp_echo_ignore_all = 0<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-105.png\")
<\/p>\nSave and close the file.<\/p>\n
Then issue the following command in Terminal to apply this configuration without reboot:<\/p>\n
$ sysctl -p<\/pre>\n
Block\/unblock ping requests Using iptables<\/h2>\n
Iptables is a firewall utility in Linux that controls incoming and outgoing traffic based on certain rules. It comes preinstalled in the Ubuntu system. In case, it is missing from the system, you can install it using the following command in Terminal:<\/p>\n
$ sudo apt install iptables<\/pre>\n
Block Ping Request<\/h5>\n
To block ping requests to your system, type following command in Terminal:<\/p>\n
$ sudo iptables -A INPUT -p icmp --icmp-type 8 -j REJECT<\/pre>\n
Where the A<\/strong> flag is used to add a rule in iptables and icmp-type 8 <\/strong>is the ICMP type number used for echo request.<\/strong><\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-106.png\")
<\/strong><\/p>\nThe above command will add a rule in the firewall that will block any incoming ping requests to your system. By adding this rule, anyone sending the ping request to your system will see the “Destination Port Unreachable<\/strong>” message as shown in the below screenshot.<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-107.png\")
<\/p>\nIf you do not want this message to appear, use the following command replacing REJECT<\/strong> with DROP<\/strong>:<\/p>\n
$ sudo iptables -A INPUT -p icmp --icmp-type 8 -j DROP<\/pre>\n
Now anyone sending the ping request to your system will see the following similar output:<\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-108.png\")
<\/strong><\/p>\nUnblock Ping Request<\/h5>\n
In order to unblock ping requests to your server, type the following command in Terminal:<\/p>\n
$ sudo iptables -D INPUT -p icmp --icmp-type 8 -j REJECT<\/pre>\n
Where the D<\/strong> flag is used to delete a rule in iptables and icmp-type 8 <\/strong>is the ICMP type number used for an echo request.<\/strong><\/p>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-109.png\")
<\/strong><\/p>\nIn order to make these rules persistent after a system reboot, you will need iptables-persistent <\/strong>package. Issue the below command in Terminal to install iptables-persistent:<\/p>\n
$ sudo apt install iptables-persistent<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2020\/10\/word-image-110.png\")
<\/p>\nYou will be asked to confirm whether you want to proceed with the installation or not. Hit y<\/strong> to proceed, after which the system will start the installation and once completed, it will be ready to use.<\/p>\n
After adding or deleting any rule, issue the following commands in Terminal to make them survive the system reboot.<\/p>\n
$ sudo netfilter-persistent save<\/pre>\n
$ sudo netfilter-persistent reload<\/pre>\n
In order to view all the rules added to your iptables, issue the following command in Terminal:<\/p>\n
$ sudo iptables -L<\/pre>\n
That is all there is to it! In this article, we have discussed how to block\/unblock ping requests to Linux Server either through the kernel parameters or through iptables utility. Hope this helps!<\/p>\n\n\n
<\/p>","protected":false},"excerpt":{"rendered":"
Ping is a network administration utility that is used to test the availability of a system on an IP network. Ping is also used to test the quality…<\/p>","protected":false},"author":1,"featured_media":255,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[14,15],"class_list":["post-238","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-ip-tables","tag-ping"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/238","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=238"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/238\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/255"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}