Linux disable or drop / block ping packets altogether

by Vivek Gite [Last updated: January 6, 2007]

Q. How do I disable or drop all ping packets altogether?

A. Generally you can use iptables to block or allow ping requests.

You can set a kernel variable to drop all ping packets. Type the following command at a shell prompt:
# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

This instructs the kernel to simply ignore all ping requests (ICMP type 0 messages). To enable ping requests again, type the command:
# echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

To have the setting applied at boot, add the following line to the /etc/sysctl.conf file:
# vi /etc/sysctl.conf
Append the following line:
net.ipv4.icmp_echo_ignore_all = 1

Save and close the file.
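The edit to /etc/sysctl.conf can also be scripted so that repeated runs do not leave duplicate or conflicting lines. The following is an added example, not part of the original article; the function names are hypothetical and the demo runs on a constructed temporary file rather than the real /etc/sysctl.conf.

```sh
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.
KEY="net.ipv4.icmp_echo_ignore_all"

# Turn a sysctl key into a regex that matches it literally (dots escaped).
key_regex() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# get_sysctl_value FILE KEY
# Print the value of the last uncommented assignment of KEY in FILE (empty if none).
get_sysctl_value() {
    pat=$(key_regex "$2")
    sed -n "s/^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# set_sysctl_value FILE KEY VALUE
# Drop every existing uncommented assignment of KEY, then append one line,
# so repeated runs never leave duplicate or conflicting entries.
set_sysctl_value() {
    pat=$(key_regex "$2")
    tmp=$(mktemp) || return 1
    if [ -f "$1" ]; then
        sed "/^[[:space:]]*${pat}[[:space:]]*=/d" "$1" > "$tmp"
    fi
    printf '%s = %s\n' "$2" "$3" >> "$tmp"
    # Writing with cat keeps the target file's owner and mode.
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Demo on a constructed sample file; use /etc/sysctl.conf (as root) for real use.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
    "$KEY=0" "  $KEY = 0" > "$demo"
set_sysctl_value "$demo" "$KEY" 1
set_sysctl_value "$demo" "$KEY" 1   # second run changes nothing
cat "$demo"
rm -f "$demo"
```

After the real file has been updated, running sysctl -p as root loads it without a reboot.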

Sometimes ping requests can be handy for testing your own server. You can disable ICMP type 0 messages in the firewall instead, so that local administrators can continue to use the ping command for their own server. The following command blocks all ICMP packets, including ping requests:
# iptables -A INPUT -p icmp -j DROP
