{"id":3164,"date":"2021-01-04T19:33:09","date_gmt":"2021-01-04T19:33:09","guid":{"rendered":"https:\/\/linuxways.net\/?p=3164"},"modified":"2021-01-04T19:37:21","modified_gmt":"2021-01-04T19:37:21","slug":"how-to-block-or-unblock-ping-request-on-debian-10","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/debian\/how-to-block-or-unblock-ping-request-on-debian-10\/","title":{"rendered":"How to Block or Unblock Ping Request on Debian 10"},"content":{"rendered":"<p><a href=\"https:\/\/linuxways.net\/de\/mint\/how-to-use-ping-command-in-linux-mint-20\/\">Ping<\/a> is a network utility used to check the availability of a system on an internet protocol network using the ICMP echo request and echo reply messages. However, some network administrator prefers blocking ping as they consider it a security issue for some reasons. In an earlier post, we have explained <a href=\"https:\/\/linuxways.net\/de\/ubuntu\/how-to-block-unblock-ping-requests-to-ubuntu-server-20-04-lts\/\">how to block or unblock ping request on Ubuntu 20.04<\/a>. This post will be about how to block or unblock ping requests on Debian.<\/p>\n<h2>Prerequisites<\/h2>\n<ul>\n<li>Debian OS<\/li>\n<li>Sudo user<\/li>\n<\/ul>\n<p><strong>Note:<\/strong> The procedure explained here have been tested on <strong>Debian 10 (Buster)<\/strong> system.<\/p>\n<h2>Block or Unblock Ping Requests on Debian<\/h2>\n<p>Ping sends an ICMP echo request towards the target system and then obtains an ICMP echo reply. In Linux OS, when you ping an <a href=\"https:\/\/linuxways.net\/de\/debian\/how-to-find-your-private-ip-address-in-debian-10\/\">IP address<\/a>, it continues to send ICMP packets until you press Ctrl+C to stop it. To send a specific number of packets, use the ping with <strong>-c<\/strong> option. For instance, to send 3 ICMP packets, you can use the following command:<\/p>\n<pre>$ ping -c 3 &lt;ip-address or hostname&gt;<\/pre>\n<p>To block ping requests to the Debian system, there are the following two options:<\/p>\n<ul>\n<li>Through kernel parameters<\/li>\n<li>Through iptables<\/li>\n<\/ul>\n<p>We are going to explain both options for blocking the ping requests on Debian system.<\/p>\n<h3>Block or Unblock Ping Requests through Kernel Parameters<\/h3>\n<p>Ping requests can be blocked\/unblocked by modifying the kernel parameter <strong>net.ipv4.icmp_echo_ignore_all<\/strong>. This parameter controls whether the system should respond to ping requests or not. The default value of kernel parameter <strong>net.ipv4.icmp_echo_ignore_all <\/strong>is<strong> \u201c0\u201d <\/strong>which means to allow all the ping requests<strong>. <\/strong>By modifying the value of this kernel parameter, you can make the system block the ping requests.<\/p>\n<p>There are three different ways to modify the kernel parameters:<\/p>\n<ol>\n<li>Through \u201csysctl\u201d command<\/li>\n<li>Through \u201cicmp_echo_ignore_all\u201d file<\/li>\n<li>Through \u201c\/etc\/sysctl.conf\u201d file<\/li>\n<\/ol>\n<p>To find whether the system is currently blocking or allowing the ping requests, issue the following command in Terminal:<\/p>\n<pre>$ sudo sysctl -ar \u2018icmp_echo\u2019<\/pre>\n<p>The value of \u201cicmp_echo_ignore_all\u201d equals to \u201c0\u201d means ping is unblocked while value\u201c1\u201d means ping is unblocked. The following output shows ping is currently unblocked in our system.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"482\" height=\"85\" class=\"wp-image-3165\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-7.png\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-7.png 482w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-7-300x53.png 300w\" sizes=\"auto, (max-width: 482px) 100vw, 482px\" \/><\/p>\n<h4>Block or Unblock Ping Requests through \u201csysctl\u201d Command (Temporarily)<\/h4>\n<p>If you need to temporarily block the ping requests to your system, you can use the sysctl command as follows:<\/p>\n<pre>$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"84\" class=\"wp-image-3166\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/block-ping.png\" alt=\"block ping\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/block-ping.png 675w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/block-ping-300x37.png 300w\" sizes=\"auto, (max-width: 675px) 100vw, 675px\" \/><\/p>\n<p>After running the above command, the machine will start blocking the ping requests coming to it. Now if another system tries to ping your system, it will see no response as shown in the following output.<\/p>\n<h4><img loading=\"lazy\" decoding=\"async\" width=\"669\" height=\"139\" class=\"wp-image-3167\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-8.png\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-8.png 669w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-8-300x62.png 300w\" sizes=\"auto, (max-width: 669px) 100vw, 669px\" \/><\/h4>\n<p>However, as stated before, this change will be temporary. As soon as you reboot the system, the kernel parameter value will revert to its original value and ping will be unblocked again.<\/p>\n<p>You can also unblock ping using the below command:<\/p>\n<pre>$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"64\" class=\"wp-image-3168\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/unblock-ping.png\" alt=\"unblock ping\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/unblock-ping.png 675w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/unblock-ping-300x28.png 300w\" sizes=\"auto, (max-width: 675px) 100vw, 675px\" \/><\/p>\n<h4>Block or Unblock Ping Requests through icmp_echo_ignore_all File (Temporarily)<\/h4>\n<p>The <strong>\/proc\/sys\/net\/ipv4\/<\/strong> directory contains a file <strong>icmp_echo_ignore_all<\/strong> which controls whether the system should respond to ping requests or not.<\/p>\n<p>To block ping requests, you will need to change the value in the <strong>icmp_echo_ignore_all<\/strong> file form \u201c0\u201d to \u201c1\u201d. You can do this using the below command:<\/p>\n<pre>$ sudo sh -c \u2018echo 1 &gt; \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all\u2019<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"813\" height=\"64\" class=\"wp-image-3169\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/block-ping-1.png\" alt=\"block ping \" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/block-ping-1.png 813w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/block-ping-1-300x24.png 300w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/block-ping-1-768x60.png 768w\" sizes=\"auto, (max-width: 813px) 100vw, 813px\" \/><\/p>\n<p>However, this change will be temporary. As soon as you reboot the system, the kernel parameter value will revert to its original value and ping will be unblocked again.<\/p>\n<p>You can also unblock ping using the below command:<\/p>\n<pre>$ sudo sh -c \u2018echo 0 &gt; \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all\u2019<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"820\" height=\"62\" class=\"wp-image-3170\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/unblock-ping-1.png\" alt=\"unblock ping\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/unblock-ping-1.png 820w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/unblock-ping-1-300x23.png 300w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/unblock-ping-1-768x58.png 768w\" sizes=\"auto, (max-width: 820px) 100vw, 820px\" \/><\/p>\n<h4>Block or unblock Ping Requests through \u201c\/etc\/sysctl.conf\u201d File (Permanently)<\/h4>\n<p>Ping requests can also be permanently blocked using the <strong>\/etc\/sysctl.conf<\/strong> file. In order to permanently block ping requests, first edit the <strong>\/etc\/sysctl.conf<\/strong> file using the following command:<\/p>\n<pre>$ sudo nano \/etc\/sysctl.conf<\/pre>\n<p>Now in the edited file, add the following line:<\/p>\n<pre>net.ipv4.icmp_echo_ignore_all = 1<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"622\" height=\"258\" class=\"wp-image-3171\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-9.png\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-9.png 622w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-9-300x124.png 300w\" sizes=\"auto, (max-width: 622px) 100vw, 622px\" \/><\/p>\n<p>Now save and close the <strong>\/etc\/sysctl.conf<\/strong> file and run the following command to apply the changes:<\/p>\n<pre>$ sysctl -p<\/pre>\n<p>To unblock ping, edit the <strong>\/etc\/sysctl.conf<\/strong> file and change the value of <strong>net.ipv4.icmp_echo_ignore_all<\/strong> back to 0:<\/p>\n<pre>net.ipv4.icmp_echo_ignore_all = 0<\/pre>\n<h2>Block or Unblock Ping Requests Using iptables (Permanently)<\/h2>\n<p>Iptables is a command-line utility in Linux that allows\/blocks traffic based on a set of rules. The Debian distribution by default includes iptables utility. However, if your system does not have this utility, you can install it as follows:<\/p>\n<pre>$ sudo apt-get install iptables<\/pre>\n<p>Now issue the below command in Terminal to block ping requests:<\/p>\n<pre>$ sudo iptables -A INPUT -p icmp --icmp-type 8 -j REJECT<\/pre>\n<p>In the above command, the <strong>A<\/strong> option is used for appending a rule in iptables and <strong>icmp-type 8 <\/strong>is used for ICMP echo request<strong>s. <\/strong>This command adds a rule in the firewall in order to block all incoming pings to your system. After adding this rule, the system will reject all the ping requests coming to it. Now if another system tries to ping your system, it will receive the \u201c<strong>Destination Port Unreachable<\/strong>\u201d message.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"776\" height=\"203\" class=\"wp-image-3172\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-10.png\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-10.png 776w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-10-300x78.png 300w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-10-768x201.png 768w\" sizes=\"auto, (max-width: 776px) 100vw, 776px\" \/><\/p>\n<p>If you do not want the sending user to see the <strong>Destination Port Unreachable message, use DROP instead of REJECT in the above command as follows<\/strong>:<\/p>\n<pre>$ sudo iptables -A INPUT -p icmp --icmp-type 8 -j DROP<\/pre>\n<p>Now if a user pings to your system, it will receive no response:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"683\" height=\"133\" class=\"wp-image-3173\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-11.png\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-11.png 683w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/01\/word-image-11-300x58.png 300w\" sizes=\"auto, (max-width: 683px) 100vw, 683px\" \/><\/p>\n<p>To unblock ping, use the below command:<\/p>\n<pre>$ sudo iptables -D INPUT -p icmp --icmp-type 8 -j REJECT<\/pre>\n<p>Or the below command if you have used the <strong>DROP<\/strong> option in iptables rule:<\/p>\n<pre>$ sudo iptables -D INPUT -p icmp --icmp-type 8 -j DROP<\/pre>\n<p>In the above command, <strong>D<\/strong> option is used for deleting a rule in iptables and <strong>icmp-type 8 <\/strong>is used for ICMP echo request<strong>s.<\/strong><\/p>\n<p>To list the rules in your iptables, use the following command:<\/p>\n<pre>$ sudo iptables -L<\/pre>\n<p>The iptables rules we have added above will not survive a system reboot. To make them survive a reboot, you will have to install the <strong>iptables-persistent <\/strong>package. Run the following command to install it:<\/p>\n<pre>$ sudo apt install iptables-persistent<\/pre>\n<p>After each rule you add or delete in iptables, run the following commands to make these rules persistent after reboot:<\/p>\n<pre>$ sudo netfilter-persistent save<\/pre>\n<pre>$ sudo netfilter-persistent reload<\/pre>\n<p>This is how you can block\/unblock ping requests to your Debian system. In this post, you have learned different ways for blocking\/unblocking ping requests either temporarily or permanently. If you know of some other ways to block\/unblock ping that we have missed, we would love to know in the comments below!<\/p>","protected":false},"excerpt":{"rendered":"<p>Ping is a network utility used to check the availability of a system on an internet protocol network using the ICMP echo request and echo reply messages. However,&hellip;<\/p>","protected":false},"author":4,"featured_media":3174,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[131,17,132],"class_list":["post-3164","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-debian","tag-block-ping","tag-debian-10","tag-unblock-ping"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/3164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=3164"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/3164\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/3174"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=3164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=3164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=3164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}