How to disable responses to PING

Question

I feel like this should be a really simple thing to do, but googling and checking SF I didn't see anything. I'm trying to make my Fedora server not respond to pings, how do I do that?

I've never understood the advantages of disabling ICMP Echo Requests on servers. It makes monitoring and debugging network connectivity troublesome. Servers will usually have one or more low ports open for service anyway, so it's not like you can blackhole them. Could you let me know your reason, please? — Martijn Heemels, Sep 04 '09 at 13:21
[This article](http://www.linuxhowtos.org/Security/disable_ping.htm) explains how to do this. — Sam Cogan, Jul 28 '09 at 21:58
Additionally, you can use "Blackhole" security: the server simply won't answer connection attemps to closed ports, so portscan becomes a difficult one ;) — kolypto, Jul 28 '09 at 22:46

score 25 · Accepted Answer · edited Jul 02 '15 at 17:39

25

To disable the PING response, add the following line to your init script for the network:

echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

To reenable the PING response do this:

echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

Update:

To make the change permanent add the following line to /etc/sysctl.conf:

net.ipv4.icmp_echo_ignore_all=1

edited Jul 02 '15 at 17:39

dimo414

385
1
3
16

answered Jul 28 '09 at 22:02

KPWINC

11,394
3
37
45

how can i do it for windows server family?? – AminM Mar 05 '14 at 15:21

Saurabh Barjatiya · Answer 2 · 2009-07-30T04:07:27.950

12

It is better to use firewall for these purposes, so that you can optionally enable ping from some systems, esp monitoring systems

iptables -t filter -I INPUT -p icmp --icmp-type echo-request -s monitoring_system -j ACCEPT
iptables -t filter -I INPUT -p icmp --icmp-type echo-request -j DROP

edited Jul 30 '09 at 04:07

answered Jul 29 '09 at 09:04

Saurabh Barjatiya

4,703
2
30
34

3

Just in case it's not obvious to iptables newbies, replace "monitoring_system" with the IP/range of the server(s) which should be able to ping the server. All other ping requests will be silenty dropped. – Coops Jul 30 '09 at 08:40

score 11 · Answer 3 · answered Jul 28 '09 at 23:00

11

Add the following line to /etc/sysctl.conf:

net.ipv4.icmp_echo_ignore_all=1

It has the same effect as the above echo lines.

answered Jul 28 '09 at 23:00

koenigdmj

1,055
7
12

Sathish · Answer 4 · 2015-07-02T16:56:49.103

3

You can also use this command to disable ping request

sysctl net.ipv4.icmp_echo_ignore_all=1

To enable it again

sysctl net.ipv4.icmp_echo_ignore_all=0

Finally save it sysctl -p

edited Jul 02 '15 at 16:56

answered Mar 06 '13 at 10:09

Sathish

236
2
8

1

Weird, the opposite works on my system with Ubuntu 14.04. I am pinging localhost if it matters. – Elijah Lynn Jul 01 '15 at 03:04
1

Sorry! I recheked now and corrected. Tried in CentOS 7. – Sathish Jul 02 '15 at 16:57

score 0 · Answer 5 · answered Jul 28 '09 at 21:59

0

Just do this:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

answered Jul 28 '09 at 21:59

chmeee

7,370
3
30
43

score 0 · Answer 6 · answered Jul 29 '09 at 09:12

0

open your /etc/sysctl.conf and append this line

net.ipv4.icmp_echo_ignore_all = 1

and execute this command

sysctl -p

it's still usable after reboot

answered Jul 29 '09 at 09:12

score -1 · Answer 7 · answered Jul 28 '09 at 22:01

-1

Firewall block ICMP connections.

especially icmp echo.

answered Jul 28 '09 at 22:01

William Hilsum

3,536
6
29
39

7

However, do not block all ICMP traffic because this will e.g. break Path MTU discovery. – knweiss Jul 28 '09 at 22:08

How to disable responses to PING

7 Answers7