Linux disable ping and how to open ping

Linux default is to allow ping response, whether the system allows ping to be determined by 2 factors: A, kernel parameters, B, firewall, requires 2 factors to allow the ping,2 factor can be allowed to ping any one of the forbidden Ping.

The specific configuration method is as follows:

A, kernel parameter settings

1. Allow Ping settings

A. The command to temporarily allow a ping operation is: #echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

B. Permanently allow the ping configuration method.

Add a row to the /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_all=1

If there is already a line of Net.ipv4.icmp_echo_ignore_all, directly modify the value after the = sign (0 means allow, 1 is forbidden).

After the modification is complete, execute sysctl-p to make the new configuration effective.

2. Prohibit ping setting

A. The command to temporarily disable pings is: #echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

B. Permanently allow the ping configuration method.

Add a row to the /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_all=0

If you already have the Net.ipv4.icmp_echo_ignore_all line, directly modify the value after the = sign. (0 means allow, 1 is forbidden)

After the modification is complete, execute sysctl-p to make the new configuration effective.

B, firewall settings ( Note: The method here is the premise that the kernel configuration is the default value, that is, no ping is forbidden)

Here, for example, iptables firewall, other firewall operation methods can refer to the official documentation of the firewall.

1. Allow Ping settings

Iptables-a input-p ICMP--icmp-type echo-request-j ACCEPT

Iptables-a output-p ICMP--icmp-type echo-reply-j ACCEPT

Or you can temporarily stop the firewall operation.

Service Iptables Stop

2. Prohibit ping setting

Iptables-a input-p ICMP--icmp-type 8-s 0/0-j DROP

Linux disable ping and how to open ping