How to block or unblock ping requests on Ubuntu

Estimated reading: 6 minutes 822 views

Ping is a network administration utility that is used to test the availability of a system on an IP network. Ping is also used to test the quality of the network connection by monitoring the round trip time and packet losses. On the other hand, network intruders and hackers also use ping to identify network subnets to find potential hosts or to perform ICMP flood attacks. Therefore, it is a good practice to block ping requests to your servers to prevent any kind of attack.
This article is about how to block ping requests to Linux Server. We will also describe how to unblock the ping requests in case you need to use ping for system administration and troubleshooting.

How to block/unblock PING requests on Ubuntu

We made the research and have got multiple methods on how to disable ping on Linux distros. Depending on specific configurations, the method will change. Following are the methods which will help you disable ping in Linux

Methode 1: How to block/unblock PING requests via Kernel  parameters

To block PING requests temporarily or permanently, you can use the Kernel. There are parameters for the Kernel that can be edited and modified with the sysctl command.

1.Request to block/unblock temporarily

The first way to intercept ping requests is temporary blocking and it is done using the sysctl command. This command is used in Linux-based systems to modify or read and write kernel parameters in the /proc/sys directory.

  • Block ping requests

To block ping request, issue below mentioned command in Terminal:

# sysctl -w net.ipv4.icmp_echo_ignore_all=1

The net.ipv4.icmp_echo_ignore_all is a parameter that controls the system response to an incoming ICMP request. 0 means yes while 1 means no response to the request. Here, 1 implies all requests will be ignored or denied

When a ping request is sent, no packets will be responded to

  • Unblock ping requests

Now, I want to unblock ping requests, enter the following command in the Terminal command line:

# sysctl -w net.ipv4.icmp_echo_ignore_all=0

The user can also use the Kernel parameter value and change it in the /proc/sys directory in the echo . command

# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

To unblock use:

# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This is a method of temporarily blocking and unblocking ping requests.

2. Permanently block/unblock requests

To modify the parameters of the Kernel, we can use the file /etc/sysctl.conf. To intercept requests, I need to edit this file.

  • Block ping requests

To block the request, I need to edit the file /etc/sysctl.conf using:

# nano /etc/sysctl.conf

The editor will open, enter the line in this file:

net.ipv4.icmp_echo_ignore_all = 1

Now save and close this file. To reflect the change without rebooting, run the following command:

# sysctl -p
  • Unblock ping requests

For this, edit the file /etc/sysctl.conf using:

# nano /etc/sysctl.conf

This time, we need to update the value of net.ipv4.icmp_echo_ignore_all to ‘0’:

net.ipv4.icmp_echo_ignore_all = 0

Then save and run this command:

# sysctl -p

This way the user can permanently block and unblock ping requests.

Methode 2: How to block/unblock PING requests using Iptables firewall

The Iptables trick wall is used via the command line to turn traffic on or off. It works on the basis of rules i.e. policy chains. Iptables operates on a packet-smart network where traffic is monitored for each corresponding group of packets. They work on a lookup rule where they match each packet to a list to map it to each rule

1.Iptables Firewall install

To install the Iptables firewall, enter the following command in the command line window:

# apt install iptables

Confirm Iptables Firewall install

# iptables --version

2. Block PING with Iptables Firewall

Iptables is a rule-based network filtering engine. Users can add these rules to block pings to and from their servers. We will discuss a set of examples to add a set of rules to block PING.

  • Rule 1:

To deny or block the request, use the following command. -A in the following command implies additional rules. You will see an error message when you run the following ping command:

# iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

When you ping IP address, you will see output like this:

 

  • Rule 2:

You can also use the following rule to suppress the ping at the end of the input. This will not display the error message.

# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
  • Rule 3:

To drop or block the ping request at the end of the output you can also use the following command.

# iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

3. Unblock PING from Iptables Firewall

Unblock ping from Iptables Firewall

  • List available rules.

You can use the following command to check all the rules that have been added to the Iptables firewall.

# iptables -L

  • Delete the set of blocking rules.

The user can remove the set of rules that are acting as a blocker for ping, they can remove it. As shown in the above example, here ICMP is being rejected. Therefore, I will remove it by:

# iptables -D INPUT -p icmp --icmp-type echo-request -j REJECT
# iptables -D OUTPUT -p icmp --icmp-type echo-reply -j DROP

User can easily delete all unwanted rules. They can simply use the -D command to delete any rule.

  • Delete custom rules.

To delete custom rules, added to the Iptables firewall, enter the following command in the command line window to delete any unwanted rules:

# iptables -F

This way users can add and unblock PING from the Iptables firewall.

Summary

In this article, I showed you how to block and unblock PING using Kernel parameters and Iptables firewall in Ubuntu.

Kernel parameters allow the user to save the settings permanently or temporarily. I discussed setting up the Iptables firewall and then went over the PING blocking method with suitable examples. Then I saw the method to unblock PING from the Iptables firewall.

In this article, we examined how to remove and delete rules whether they are custom or act as a blocker for the system.

Good Luck!

 

Leave a Comment

Share this Doc

How to block or unblock ping requests on Ubuntu

Or copy link

CONTENTS