Linux server administrators can configure a server so that other hosts cannot ping it, while the server itself can still ping other hosts. This article describes the specific methods for disabling ping on Linux.
First, log in to the server terminal and run:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
This disables ping. To restore ping, run:
echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all
=======================
How to disable ping with firewall commands
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
With this setting, other people cannot ping you, and you cannot ping others.
Changing the value to 1 disables ping.
Changing the value to 0 re-enables ping.
In fact, the simplest approach is to use iptables:
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 192.168.29.1 -j DROP
iptables -A OUTPUT -p icmp --icmp-type 8 -s 192.168.29.1 -j ACCEPT
How do you keep others from pinging you while still being able to ping others? The problem is actually very simple; use the following script:
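#!/bin/bash
# Flush existing rules and delete user-defined chains
iptables -F
iptables -F -t nat
iptables -X
# Default policy: drop everything not explicitly allowed
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Inbound: loopback, established connections, HTTP/SSH, and echo replies (type 0)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dport 80,22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
# Outbound: loopback, established connections, HTTP/SSH replies, and echo requests (type 8)
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sport 80,22 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT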
Using iptables to disable ping and to stop the server from sending DDoS traffic outward
This section covers two basic practical applications: disabling ping (IPv4) and blocking UDP, that is, preventing attackers from using the server to send DDoS attack traffic outward.
First, disabling ping without iptables
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # enable (ignore ping)
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all # disable (answer ping)
Second, using an iptables rule to disable ping
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
Third, using iptables rules to stop the server from sending packets outward, to prevent DDoS attacks
iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT # allow the UDP service IP
iptables -A OUTPUT -p udp -j DROP # block UDP service
Port 53 and 8.8.8.8 are what the DNS service requires. If you do not know the DNS settings for this computer, you can run the following command to obtain the IP:
cat /etc/resolv.conf
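The third step above, as an added example that is not part of the original article: a shell helper that reads the resolvers from a resolv.conf-style file and prints one ACCEPT rule per IPv4 nameserver followed by the UDP DROP rule. The names gen_udp_rules, sample_resolv_conf and demo are hypothetical, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). gen_udp_rules is a hypothetical helper:
# it prints the iptables commands for review and does not execute them.
gen_udp_rules() {
    conf="${1:-/etc/resolv.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    count=0
    while read -r key addr _rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        case "$addr" in
            *:*)          # IPv6 resolver: iptables only filters IPv4
                echo "# skipped IPv6 resolver $addr (needs ip6tables)"; continue ;;
            ""|*[!0-9.]*) # not a dotted-quad address: never paste it into a rule
                echo "# skipped malformed entry"; continue ;;
            127.*)        # local stub resolver: its upstream servers are not in this file
                echo "# note: $addr is a local stub; allow its upstream resolvers too" ;;
        esac
        echo "iptables -I OUTPUT -p udp --dport 53 -d $addr -j ACCEPT"
        count=$((count + 1))
    done < "$conf"
    # Without at least one allowed resolver the blanket DROP would break name resolution.
    if [ "$count" -eq 0 ]; then
        echo "no IPv4 nameserver found in $conf" >&2
        return 2
    fi
    echo "iptables -A OUTPUT -p udp -j DROP"
}

# Constructed sample input, standing in for /etc/resolv.conf.
sample_resolv_conf() {
    cat <<'EOF'
# constructed example
search example.internal
nameserver 8.8.8.8
nameserver 2001:db8::53
nameserver 192.168.29.1
EOF
}

# Demo: run the generator over the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    sample_resolv_conf > "$tmp"
    gen_udp_rules "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Source the file and call demo to see the generated rules, or pass a real path such as /etc/resolv.conf to gen_udp_rules and review the output before running it as root.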