Linux default is to allow ping response, whether the system allows ping to be determined by 2 factors: A, kernel parameters, B, firewall, requires 2 factors to allow the ping,2 factor can be allowed to ping any one of the forbidden Ping.
The specific configuration method is as follows:
A, kernel parameter settings
1. Allow Ping settings
A. The command to temporarily allow a ping operation is: #echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all
B. Permanently allow the ping configuration method.
Add a row to the /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1
If there is already a line of Net.ipv4.icmp_echo_ignore_all, directly modify the value after the = sign (0 means allow, 1 is forbidden).
After the modification is complete, execute sysctl-p to make the new configuration effective.
2. Prohibit ping setting
A. The command to temporarily disable pings is: #echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
B. Permanently allow the ping configuration method.
Add a row to the /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=0
If you already have the Net.ipv4.icmp_echo_ignore_all line, directly modify the value after the = sign. (0 means allow, 1 is forbidden)
After the modification is complete, execute sysctl-p to make the new configuration effective.
B, firewall settings ( Note: The method here is the premise that the kernel configuration is the default value, that is, no ping is forbidden)
Here, for example, iptables firewall, other firewall operation methods can refer to the official documentation of the firewall.
1. Allow Ping settings
Iptables-a input-p ICMP--icmp-type echo-request-j ACCEPT
Iptables-a output-p ICMP--icmp-type echo-reply-j ACCEPT
Or you can temporarily stop the firewall operation.
Service Iptables Stop
2. Prohibit ping setting
Iptables-a input-p ICMP--icmp-type 8-s 0/0-j DROP
Linux disable ping and how to open ping