How can I block ping requests with IPTables?
Solution 1
To deny responses to ping requests, add the following iptables rules:
iptables -A OUTPUT -p icmp -o eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp -i eth0 -j DROP
Solution 2
I believe iptables -I INPUT -p icmp --icmp-type 8 -j DROP should do the trick.
For IPv6 you would need something like ip6tables -I INPUT -p icmpv6 --icmpv6-type 128 -j DROP.
Solution 3
The simplest method of disabling ping responses is to add an entry to the /etc/sysctl.conf file. If iptables is flushed or stopped, the server will start responding to pings again. I suggest the following entry in your /etc/sysctl.conf file:
net.ipv4.icmp_echo_ignore_all = 1
This will tell the kernel not to respond to any ping. After this, run sysctl -p in a shell to apply the changes without a reboot.
For more info, please refer to: http://www.trickylinux.net/disable-ping-response-linux/
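Added example, not part of any answer above: a small POSIX shell helper (hypothetical name icmp_verdict) that walks a listing of INPUT rules in first-match order, to show which ICMP types Solution 1's rules let through and what is left once the rules are flushed, as Solution 3 describes. The rule listing is a constructed sample, written in the numeric form `iptables -S INPUT` is assumed to print.

```sh
# Constructed sample: Solution 1's INPUT rules, numeric ICMP types
# (0 = echo-reply, 3 = destination-unreachable, 11 = time-exceeded).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i eth0 -p icmp -j DROP'

# icmp_verdict TYPE IFACE  (hypothetical helper; rules are read from stdin)
# Prints the target of the first INPUT rule that matches an inbound ICMP
# packet of numeric TYPE on IFACE, or the chain policy when no rule matches.
# Prints UNKNOWN for anything it does not model instead of guessing.
icmp_verdict() (
  want_type=$1; want_if=$2; policy=ACCEPT
  set -f                                 # no globbing while word-splitting
  while IFS= read -r line; do
    set -- $line
    if [ "$1" = "-P" ] && [ "$2" = "INPUT" ]; then policy=$3; continue; fi
    { [ "$1" = "-A" ] && [ "$2" = "INPUT" ]; } || continue
    shift 2
    proto=; iface=; rtype=; target=
    while [ $# -gt 0 ]; do
      [ $# -ge 2 ] || { echo UNKNOWN; exit 2; }
      case $1 in
        -p) proto=$2 ;;
        -i) iface=$2 ;;
        -m) ;;                           # module name only, e.g. "-m icmp"
        --icmp-type) rtype=${2%%/*} ;;   # ignore an optional "/code" suffix
        -j) target=$2 ;;
        *) echo UNKNOWN; exit 2 ;;       # source match, negation, ...
      esac
      shift 2
    done
    case $proto in ''|icmp|1) ;; *) continue ;; esac
    [ -z "$iface" ] || [ "$iface" = "$want_if" ] || continue
    [ -z "$rtype" ] || [ "$rtype" = any ] || [ "$rtype" = "$want_type" ] || continue
    case $target in
      ACCEPT|DROP|REJECT) echo "$target"; exit 0 ;;
      *) echo UNKNOWN; exit 2 ;;         # LOG, user-defined chains, ...
    esac
  done
  echo "$policy"
)

# Echo-request (type 8) falls through to the final DROP, type 3 is still
# accepted, and after a flush only the chain policy decides.
printf '%s\n' "$SAMPLE_RULES" | icmp_verdict 8 eth0
printf '%s\n' "$SAMPLE_RULES" | icmp_verdict 3 eth0
printf '%s\n' '-P INPUT ACCEPT' | icmp_verdict 8 eth0
```

Because the sample rules are bound to eth0, asking the helper about another interface returns the chain policy, which is worth checking after changing the interface name in Solution 1.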
Author: Achshar
Updated on September 17, 2022
Comments
-
Achshar over 1 year
and stealth specific ports?
-
Achshar over 13 years
Something is wrong with the rules or I just don't have dependencies. I changed the eth0 to wlan0 as I am on my laptop right now, and received the error "sudo iptables -A INPUT -p icmp –icmp-type destination-unreachable -s 0/0 -i wlan0 -j ACCEPT Bad argument `–icmp-type'" and "sudo iptables -A INPUT -p icmp -i wlan0-j DROP Bad argument `DROP'"
-
karthick87 over 13 years
@david25 see my updated answer.
-
Aedazan over 7 years
This is probably the best way I have found in the past. It has the plus side that it's persistent.