There are two simple methods to make a Linux host ignore all incoming ping (ICMP echo) requests.
1. Using the native “restriction” of Linux
a) For a temporary change:
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
b) For a permanent change:
Edit the /etc/sysctl.conf file and search for the net.ipv4.icmp_echo_ignore_all parameter. Once you find it, change its default value from “0” to “1” and save the file.
After the modification, the line should look like this:
net.ipv4.icmp_echo_ignore_all = 1
If the parameter does not exist, you can use this command to add it:
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
2. Using iptables
This should be your default iptables configuration.
root@server:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@server:~#
The following command will DROP all incoming ICMP echo requests (type 8):
iptables -A INPUT -p icmp --icmp-type 8 -j DROP
With either method, this is how ping looked before the change:
root@client:~# ping -c 5 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_req=1 ttl=53 time=51.6 ms
64 bytes from 192.168.1.101: icmp_req=2 ttl=53 time=51.7 ms
64 bytes from 192.168.1.101: icmp_req=3 ttl=53 time=51.6 ms
64 bytes from 192.168.1.101: icmp_req=4 ttl=53 time=51.6 ms
64 bytes from 192.168.1.101: icmp_req=5 ttl=53 time=51.9 ms
--- 192.168.1.101 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 51.631/51.720/51.909/0.226 ms
root@client:~#
And this is how it looks afterwards:
root@client:~# ping -c 5 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
--- 192.168.1.101 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms
root@client:~#
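The two cases of step 1(b), change the existing line or append a missing one, can be handled in a single idempotent pass, which also avoids the duplicate lines that a repeated echo >> would leave behind. The script below is an added example, not part of the original page; the function names set_icmp_echo_ignore_all and conf_value are hypothetical, and the demo runs on a constructed temporary file rather than the real /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example: idempotent version of step 1(b). Function names are hypothetical.
KEY="net.ipv4.icmp_echo_ignore_all"

# set_icmp_echo_ignore_all FILE VALUE
# Rewrites the first active "KEY = ..." line (any spacing), drops duplicates,
# and appends the line if the key is absent. Commented-out lines are untouched.
set_icmp_echo_ignore_all() {
    conf=$1; value=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v key="$KEY" -v val="$value" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # tolerate leading whitespace
            split(line, kv, /[ \t]*=/)        # kv[1] is the parameter name
            if (kv[1] == key) {
                if (!done) { print key " = " val; done = 1 }
                next                          # duplicates are dropped
            }
            print
        }
        END { if (!done) print key " = " val }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# conf_value FILE: print the value FILE would set (last assignment wins),
# or an empty line if the key is not set there.
conf_value() {
    awk -v key="$KEY" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, kv, /[ \t]*=[ \t]*/)
            if (n >= 2 && kv[1] == key) v = kv[2]
        }
        END { print v }
    ' "$1"
}

# Demo on a constructed sample file, not the real /etc/sysctl.conf.
demo=$(mktemp)
printf 'net.ipv4.ip_forward = 0\nnet.ipv4.icmp_echo_ignore_all=0\n' > "$demo"
set_icmp_echo_ignore_all "$demo" 1 && conf_value "$demo"
rm -f "$demo"
```

Run as root against /etc/sysctl.conf, the function only edits the file; sysctl -p then loads it into the running kernel without a reboot.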