Ping is a diagnostic tool that uses ICMP, a protocol in the IP layer of the TCP/IP suite. It is used to check whether a host is reachable over the network, which helps locate and diagnose network faults. Its usage is simply: ping <IP address>. But leaving ping enabled on a server can sometimes cause a lot of trouble.
Because of this, Linux server administrators sometimes need to stop other hosts from pinging the server (for example, to reduce exposure to attacks) while keeping the server's own ability to ping other servers.
The simplest way to block ping on Linux is the following.
First log in to the server and run this in a terminal:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
This blocks ping. To allow ping again, run:
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
=======================
Blocking ping without touching the firewall:
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
With this, others cannot ping you, and you cannot ping others.
Change the value to 1 to disable ping.
Change the value to 0 to re-enable ping.
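The /proc write above takes effect immediately but is lost at reboot, and a stray value is easy to mistype. The following script is an added example and is not part of the original page: it wraps the same kernel switch in three small functions that report the current state, set it (accepting only 0 or 1), and persist it through a sysctl.d fragment. The fragment name /etc/sysctl.d/90-icmp-echo.conf and the script name icmp_echo.sh are assumptions; the file paths are parameters so the functions can be tried against a temporary file without root. Note that this switch only controls whether the kernel answers incoming echo requests; it does not affect pings sent from the host itself.

```shell
#!/bin/sh
# Added example, not from the original page: inspect, set and persist the
# icmp_echo_ignore_all kernel switch. Paths are parameters so the functions
# can be exercised against temporary files; the defaults are the real ones.

ICMP_IGNORE_PROC=/proc/sys/net/ipv4/icmp_echo_ignore_all

# Print "blocked" when the kernel ignores incoming echo requests,
# "answered" when it responds, "unknown" if the file is missing or odd.
icmp_echo_status() {
    f=${1:-$ICMP_IGNORE_PROC}
    [ -r "$f" ] || { echo unknown; return 1; }
    case $(cat "$f") in
        1) echo blocked ;;
        0) echo answered ;;
        *) echo unknown; return 1 ;;
    esac
}

# Write 0 or 1 to the switch; anything else is refused so a typo cannot
# leave the setting in an unexpected state.
icmp_echo_set() {
    v=$1; f=${2:-$ICMP_IGNORE_PROC}
    case $v in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    echo "$v" > "$f"
}

# The /proc write does not survive a reboot; a sysctl.d fragment does.
# Destination file name is an assumption of this example.
icmp_echo_persist() {
    v=$1; f=${2:-/etc/sysctl.d/90-icmp-echo.conf}
    case $v in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    printf 'net.ipv4.icmp_echo_ignore_all = %s\n' "$v" > "$f"
}

# Usage when run directly (as root for block/unblock):
#   sh icmp_echo.sh status | block | unblock
case ${1:-} in
    status)  icmp_echo_status ;;
    block)   icmp_echo_set 1 && icmp_echo_persist 1 ;;
    unblock) icmp_echo_set 0 && icmp_echo_persist 0 ;;
esac
```

Run `sh icmp_echo.sh status` first to see the current state; `block` both flips the switch and writes the fragment, so the setting is the same after the next reboot.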
In fact, using iptables is the simplest way.
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 192.168.29.1 -j DROP
iptables -A OUTPUT -p icmp --icmp-type 8 -s 192.168.29.1 -j ACCEPT
To stop others from pinging you while still being able to ping others, the problem is actually very simple: use the following script.
#!/bin/bash
# Flush existing rules and user chains, then default everything to DROP
iptables -F
iptables -F -t nat
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Inbound: loopback, established traffic, web and SSH, and echo replies (type 0)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
# Outbound: loopback, established traffic, web and SSH replies, and our own echo requests (type 8)
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports 80,22 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
Iptables in practice: blocking ping and blocking outbound DDoS traffic
Two basic practical applications: blocking ping (IPv4) and blocking UDP, that is, stopping attackers from using the server to send outbound DDoS traffic.
1. Blocking ping without iptables
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all  # on (block ping)
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all  # off (allow ping)
2. Blocking ping with an iptables rule
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
3. Using iptables rules to block outbound traffic from the server, to prevent it from being used in DDoS attacks
iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT  # allow UDP to the DNS server IP
iptables -A OUTPUT -p udp -j DROP  # block all other UDP
Port 53 and the address 8.8.8.8 above are what the DNS service requires; if you are not sure of the machine's DNS settings, run the following command to find the resolver IP:
cat /etc/resolv.conf
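As an added example that is not part of the original page, the following bash script combines the firewall script from the earlier section ("others cannot ping me, I can ping others") with the DNS allow-list just described. It reads the nameserver lines from resolv.conf-style input, emits the whole ruleset in iptables-restore format so it is loaded in one atomic call (the earlier script sets the DROP policies first and then adds ACCEPT rules one at a time, leaving a short window in which the server accepts nothing), and applies it with a timed rollback so a mistake does not lock you out of SSH. The SSH port argument, the 60-second confirmation window, the script name ping_fw.sh and the sample resolv.conf content used in testing are assumptions of the example.

```shell
#!/bin/bash
# Added example, not from the original page: build and atomically apply an
# iptables ruleset that drops incoming echo requests, still lets this host ping
# others, and allows outbound UDP only to port 53 of the configured resolvers.
# build_ruleset only prints text; nothing touches the kernel unless
# apply_ruleset is run as root.

# Read resolv.conf-style text on stdin and print one nameserver IP per line.
resolvers_from_resolv_conf() {
    awk '$1 == "nameserver" { print $2 }'
}

# build_ruleset SSH_PORT RESOLVER_IP...
# Emits an iptables-restore file for the filter table. Inbound: loopback,
# established/related traffic, TCP 80 and SSH, and echo replies (type 0) are
# accepted; echo requests (type 8) are dropped explicitly. Outbound: loopback,
# established/related, replies from TCP 80/SSH, our own echo requests, and
# UDP 53 to each resolver; any other UDP is dropped.
build_ruleset() {
    local ssh_port=$1; shift
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -p tcp -m multiport --dports 80,$ssh_port -j ACCEPT" \
        '-A INPUT -p icmp --icmp-type 8 -j DROP' \
        '-A INPUT -p icmp --icmp-type 0 -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        "-A OUTPUT -p tcp -m multiport --sports 80,$ssh_port -j ACCEPT" \
        '-A OUTPUT -p icmp --icmp-type 8 -j ACCEPT'
    local r
    for r in "$@"; do
        printf '%s\n' "-A OUTPUT -p udp --dport 53 -d $r -j ACCEPT"
    done
    printf '%s\n' '-A OUTPUT -p udp -j DROP' 'COMMIT'
}

# apply_ruleset SSH_PORT RESOLVER_IP...
# Saves the current rules, loads the new set in one iptables-restore call, then
# waits 60 s for the operator to press Enter; with no confirmation (for example
# because the SSH session was cut off) the saved rules are put back.
apply_ruleset() {
    local backup
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    build_ruleset "$@" | iptables-restore || return 1
    printf 'Rules applied. Press Enter within 60 s to keep them: '
    if read -r -t 60 _; then
        rm -f "$backup"
    else
        iptables-restore < "$backup"
        echo 'no confirmation, previous rules restored'
    fi
}

# Usage:  ./ping_fw.sh print [ssh_port]   show the ruleset
#         ./ping_fw.sh apply [ssh_port]   install it (run as root)
# Resolver IPs are taken from /etc/resolv.conf of the machine.
case ${1:-} in
    print) build_ruleset "${2:-22}" $(resolvers_from_resolv_conf < /etc/resolv.conf) ;;
    apply) apply_ruleset "${2:-22}" $(resolvers_from_resolv_conf < /etc/resolv.conf) ;;
esac
```

Run `./ping_fw.sh print` and read the output before `apply`. Because the OUTPUT policy is DROP and only source ports 80 and SSH are allowed for TCP, the server cannot open new outbound TCP connections of its own (package updates, DNS over TCP for large responses); add explicit OUTPUT rules for those if the host needs them.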
Methods of blocking ping on Linux