{"id":7471,"date":"2018-05-28T14:51:06","date_gmt":"2018-05-28T06:51:06","guid":{"rendered":"http:\/\/rmohan.com\/?p=7471"},"modified":"2018-05-28T14:52:13","modified_gmt":"2018-05-28T06:52:13","slug":"linux-servers-prevent-pings-and-open-pings","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7471","title":{"rendered":"Linux Servers Prevent Pings and Open Pings"},"content":{"rendered":"
\n
Linux defaults to allow ping responses, which means that ping is on, but ping may be the start of a network attack, so turning off ping can improve the server’s security factor.\u00a0Whether the system allows ping is determined by two factors: 1. Kernel parameters, 2. Firewall.\u00a0Two factors are required to allow ping at the same time. If any of them is forbidden, ping cannot be opened.\u00a0The specific configuration method is as follows:<\/div>\n<\/div>\n
\n

1, the kernel parameter settings<\/p>\n

Allow\/disable ping settings (permit ping by default)<\/p>\n

The command to temporarily enable\/disable ping is to modify the contents of the \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all file. The contents of the file are only 1 character. 0 is for ping, 1 is forbidden, and there is no need to restart the server.<\/p>\n

Permanently allow\/disable ping configuration method:<\/p>\n

Modify the file \/etc\/sysctl.conf and add a line at the end of the file:<\/p>\n

Net.ipv4.icmp_echo_ignore_all = 1<\/p>\n

If you already have the net.ipv4.icmp_echo_ignore_all line, you can directly change the value after the = sign to allow 0 and 1 to disable.<\/p>\n

Execute sysctl -p after modification to make the new configuration take effect (important).<\/p>\n

2, firewall settings (the premise of the method here is the kernel configuration is the default value, that is not prohibited ping)<\/p>\n

Here takes the iptables firewall as an example. For other firewall operation methods, refer to the official firewall documentation.<\/p>\n

Allow ping settings<\/p>\n

Iptables -A INPUT -p icmp –icmp-type echo-request -j ACCEPT<\/p>\n

Iptables -A OUTPUT -p icmp –icmp-type echo-reply -j ACCEPT<\/p>\n

Or you can temporarily stop the firewall:<\/p>\n

Service iptables stop<\/p>\n

Prohibit ping setting<\/p>\n

Iptables -A INPUT -p icmp –icmp-type 8 -s 0\/0 -j DROP<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Linux defaults to allow ping responses, which means that ping is on, but ping may be the start of a network attack, so turning off ping can improve the server’s security factor. Whether the system allows ping is determined by two factors: 1. Kernel parameters, 2. Firewall. Two factors are required to allow ping […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7471"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7471"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7471\/revisions"}],"predecessor-version":[{"id":7473,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7471\/revisions\/7473"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}