1. Kernel parameter settings
Allow/disable ping (ping is permitted by default)
To temporarily enable or disable ping, modify the contents of the /proc/sys/net/ipv4/icmp_echo_ignore_all file. The file contains a single character: 0 allows ping and 1 forbids it. There is no need to restart the server.
Permanently allow/disable ping configuration method:
Modify the file /etc/sysctl.conf and add a line at the end of the file:
net.ipv4.icmp_echo_ignore_all = 1
If the file already has a net.ipv4.icmp_echo_ignore_all line, change the value after the = sign directly: 0 to allow, 1 to disable.
Execute sysctl -p after modification to make the new configuration take effect (important).
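The permanent procedure above as an added shell example (not part of the original page): it rewrites the net.ipv4.icmp_echo_ignore_all line so that it appears exactly once, and checks whether the running kernel value matches the file, which catches a forgotten sysctl -p. The function names and the overridable file arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Paths are arguments so the
# functions can be rehearsed on a copy before touching /etc/sysctl.conf.
KEY="net.ipv4.icmp_echo_ignore_all"
KEY_RE='^[[:space:]]*net\.ipv4\.icmp_echo_ignore_all[[:space:]]*='

# configured_value FILE: print the value FILE would apply (the last
# assignment wins); prints nothing if the key is absent.
configured_value() {
    [ -f "$1" ] || return 0
    sed -n "s/${KEY_RE}[[:space:]]*\([01]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# set_ping_policy FILE 0|1: 0 allows ping, 1 disables it. Removes every
# existing assignment of the key, then appends exactly one line.
set_ping_policy() {
    case "$2" in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    tmp=$(mktemp) || return 1
    if [ -f "$1" ]; then sed "/${KEY_RE}/d" "$1" > "$tmp"; fi
    printf '%s = %s\n' "$KEY" "$2" >> "$tmp"
    cat "$tmp" > "$1"   # rewrite in place, keeping the file's owner and mode
    rm -f "$tmp"
}

# check_applied FILE [PROCFILE]: succeed only if the running value matches
# the file, i.e. the edit was followed by `sysctl -p`. PROCFILE can be
# overridden for testing.
check_applied() {
    want=$(configured_value "$1")
    want=${want:-0}     # key absent: the default is 0 (ping allowed)
    have=$(cat "${2:-/proc/sys/net/ipv4/icmp_echo_ignore_all}")
    [ "$want" = "$have" ]
}
```

Run as root, `set_ping_policy /etc/sysctl.conf 1 && sysctl -p && check_applied /etc/sysctl.conf` performs the edit, applies it, and confirms the kernel picked it up.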
2. Firewall settings (this method assumes the kernel configuration is at its default value, that is, ping is not prohibited)
The iptables firewall is used as an example here. For other firewalls, refer to the official documentation of that firewall.
Allow ping settings
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
Or you can temporarily stop the firewall:
service iptables stop
Prohibit ping setting
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP