Disable ping responses on a Linux system

A ping is a small packet (an ICMP echo request) sent to a machine to check whether it is up. A ping response from an IP address indicates that the machine is up. You may want to disable ping replies for many reasons, such as security or avoiding network congestion.

Someone can flood the network with pings, and ping can be used to find potentially hackable machines.

So disabling ping responses can be a best practice for system security.

Disable Ping using iptables

You can block ping responses directly at the firewall on any Linux system.

# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

Block Ping with Kernel Parameter

We can also block ping responses by updating a kernel parameter directly. This way, ping responses can be blocked temporarily or permanently, as shown below.

Block Ping Temporarily

You can block ping responses temporarily; a value written this way does not survive a reboot. Add the following line to your init script for the network (the name depends on the distribution you use):

echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

This disables ping responses.

To re-enable them, use the following command:

echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

Block Ping Permanently

You can block ping responses permanently by setting the following parameter in the /etc/sysctl.conf configuration file.

net.ipv4.icmp_echo_ignore_all = 1

Now execute the following command to apply the settings immediately, without rebooting the system.

# sysctl -p
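
To check which of the two kernel-parameter methods above is actually in effect, the running value in /proc can be compared with the value saved in the configuration file. The script below is an added example, not part of the original article; the function names and state labels are made up for illustration, and it assumes the setting lives in the files passed to it (it does not scan /etc/sysctl.d).

```shell
#!/bin/sh
# Added example: report whether the ping block is active now and whether it
# will still be active after a reboot. Paths are arguments so the functions
# can be tried on copies of the real files.

KEY='net.ipv4.icmp_echo_ignore_all'

# Print the last value assigned to KEY in the given sysctl-style files
# (later lines and later files win); print nothing if it is never set.
persistent_value() {
    [ $# -gt 0 ] || return 0
    cat "$@" 2>/dev/null | awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                     # not an assignment
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)               # "key = 1" and "key=1" both match
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (name == key) last = val
        }
        END { if (last != "") print last }'
}

# Compare the running kernel value with the configured one.
# $1   = runtime file (normally /proc/sys/net/ipv4/icmp_echo_ignore_all)
# $2.. = config files (normally /etc/sysctl.conf)
ping_block_state() {
    runtime_file=$1; shift
    runtime=$(cat "$runtime_file" 2>/dev/null | tr -d ' \t\n')
    saved=$(persistent_value "$@")
    case "$runtime:$saved" in
        1:1) echo "blocked-persistent" ;;         # active now and after reboot
        1:*) echo "blocked-until-reboot" ;;       # only "echo 1 > /proc/..." was done
        *:1) echo "configured-not-applied" ;;     # sysctl.conf edited, "sysctl -p" not run
        *)   echo "not-blocked" ;;
    esac
}

# Inspect the live system only when called with the argument "live".
if [ "${1:-}" = "live" ]; then
    ping_block_state /proc/sys/net/ipv4/icmp_echo_ignore_all /etc/sysctl.conf
fi
```

A result of "blocked-until-reboot" means the /proc value was set by hand but /etc/sysctl.conf still needs the line; "configured-not-applied" means the file is edited but sysctl -p has not been run yet.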