How to disable ICMP ping replies (Linux)

Posted: Dec 8, 2020 | Reading time: 1 min

A few weeks ago, during the server setup phase for one of my projects, I noticed there were no ICMP or ping replies from the server and some ports could not be accessed.

I told the network engineer to check, and it seems they were blocking the ports and disabling ICMP replies in their firewall configuration.

After that incident I did some google-fu to see if I could do the same thing on a personal computer / server. We can set a kernel variable or use iptables to disable ICMP / ping replies to incoming requests.

Temporarily disable ICMP / ping replies

$ su -
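echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# This instructs the kernel to simply ignore all ping requests
# 1 = ignore ping requests and 0 = allow ping requests
# The setting is lost at the next reboot

Or, as root, with iptables:

$ iptables -A INPUT -p icmp -j DROP
# This rule drops every inbound ICMP type, not only ping (echo request),
# including the ICMP errors that path MTU discovery relies on.
# Adding --icmp-type echo-request limits the rule to ping requests.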

Permanently disable ICMP / ping replies

To disable ping requests permanently, add this line into your /etc/sysctl.conf file:

net.ipv4.icmp_echo_ignore_all = 1

Then reload the sysctl settings with # sysctl -p.

Or save the iptables rule with one of the following:

# for distros with systemd
/usr/libexec/iptables.init save

# for all other distros
service iptables save

# universal way: edit the main config yourself
vim /etc/sysconfig/iptables
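
To check that the sysctl change will survive a reboot, the following added example (not part of the original post) compares the value set in a sysctl.conf-style file with the value the running kernel reports. The function names are hypothetical, and it assumes a single config file is inspected; files under /etc/sysctl.d/ are not read.

```shell
KEY="net.ipv4.icmp_echo_ignore_all"
PROC="/proc/sys/net/ipv4/icmp_echo_ignore_all"

# Print the effective value of $KEY in a sysctl.conf-style file.
# Comment lines (# or ;) are skipped, spaces around "=" are allowed,
# and the last assignment wins, as it does when sysctl -p loads the file.
persistent_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val; else print "unset" }
    ' "$1"
}

# Classify the combination of persistent and runtime values.
compare_state() {
    persistent="$1"; runtime="$2"
    if [ "$persistent" = "1" ] && [ "$runtime" = "1" ]; then
        echo "ok"              # pings ignored now and after reboot
    elif [ "$runtime" = "1" ]; then
        echo "runtime-only"    # set via /proc only, lost at next reboot
    elif [ "$persistent" = "1" ]; then
        echo "not-loaded"      # in the file, but sysctl -p has not been run
    else
        echo "replying"        # host still answers echo requests
    fi
}

# Audit a config file (default /etc/sysctl.conf) against the running kernel.
audit() {
    conf="${1:-/etc/sysctl.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    [ -r "$PROC" ] || { echo "cannot read $PROC" >&2; return 2; }
    compare_state "$(persistent_value "$conf")" "$(cat "$PROC")"
}
```

Source the file and run audit, or audit with another config path, after editing /etc/sysctl.conf; anything other than "ok" means the runtime and persistent settings disagree.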


