How the Linux firewall disables pinging

Source: Internet
Author: User

Generally, for host security and other reasons, we prevent the host from answering ping tests. There are several ways to do this; the following methods are experience summarized from my own practice, recorded here as study notes.

1, For server security we block ports by default: set the default rule (policy) of the INPUT chain in the filter table to DROP, and then open the ports and services that are needed.

    iptables -t filter -P INPUT DROP      # set the default rule

You need to be aware of the rule for the remote access port when setting this rule.

    iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

This is the command to check ping:

    ping 192.168.31.84
    PING 192.168.31.84 (192.168.31.84) 56(84) bytes of data.

The result is that the ping does not get through. Once the default rule is changed to ACCEPT, or the ICMP protocol is opened, ping works again.

Open the ICMP protocol and ping gets through:

    iptables -t filter -I INPUT -p icmp -j ACCEPT

    ping 192.168.31.84
    PING 192.168.31.84 (192.168.31.84) 56(84) bytes of data.
    64 bytes from 192.168.31.84: icmp_seq=100 ttl=128 time=0.605 ms
    64 bytes from 192.168.31.84: icmp_seq=101 ttl=128 time=0.736 ms
    64 bytes from 192.168.31.84: icmp_seq=102 ttl=128 time=0.754 ms
    64 bytes from 192.168.31.84: icmp_seq=103 ttl=128 time=0.696 ms

Setting the default rule to refuse, as above, not only stops others from pinging this host; this host also cannot ping other hosts, because the echo replies arriving on the INPUT chain are dropped as well. We rarely use this approach. Instead, we can do the following:

    echo "net.ipv4.icmp_echo_ignore_all=1" >> /etc/sysctl.conf

    tail -1 /etc/sysctl.conf
    net.ipv4.icmp_echo_ignore_all=1

    sysctl -p

Testing shows that we can ping other hosts, but other hosts cannot ping this one.

In the following approach, the rule that allows ping is placed ahead in the firewall rules and, following the firewall's rule priority, the rule that denies ping is placed after it.
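The default-policy behaviour and the rule priority described above can be checked offline with the following added example (not from the original article). The function name icmp_verdict and the three rule sets are constructed for illustration; the function applies first-match evaluation to rules in `iptables -S INPUT` format and skips rules with matchers other than -p and --icmp-type.

```shell
#!/bin/sh
# Added example: first-match verdict of the filter INPUT chain for one ICMP type.
# Rules are read from stdin in `iptables -S INPUT` format. Simplification: rules
# with matchers other than -p / --icmp-type (ports, sources, states) are skipped.
icmp_verdict() {   # $1 = ICMP type: 8 = echo-request, 0 = echo-reply
    awk -v want="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = ""; type = ""; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(++i)
                else if ($i == "--icmp-type") type = $(++i)
                else if ($i == "-m" && $(i + 1) == "icmp") i++
                else if ($i == "-j") { target = $(++i); break }
                else other = 1
            }
            if (other || (proto != "" && proto != "icmp")) next
            if (type != "" && type != want) next
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
                print target; hit = 1; exit      # first matching rule wins
            }
        }
        END { if (!hit) print policy }           # no rule matched: policy applies
    '
}

# Constructed sample: policy DROP with only MySQL and SSH opened.
POLICY_ONLY='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
# Constructed sample: the rule allowing ICMP sits ahead of the deny rule.
ALLOW_FIRST='-P INPUT DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP'
# Constructed sample: the same two rules with the deny rule ahead.
DENY_FIRST='-P INPUT DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -j ACCEPT'

for name in POLICY_ONLY ALLOW_FIRST DENY_FIRST; do
    eval "rules=\$$name"
    printf '%-12s echo-request=%s echo-reply=%s\n' "$name" \
        "$(printf '%s\n' "$rules" | icmp_verdict 8)" \
        "$(printf '%s\n' "$rules" | icmp_verdict 0)"
done
```

A DROP verdict for echo-reply means this host's own pings to other machines will also fail, which is the side effect of the policy-only setup.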

This article is from the "Keep Dreaming" blog, please be sure to keep this source http://dreamlinux.blog.51cto.com/9079323/1859177
