To disable the PING response, add the following line to your init script for the network:
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

To reenable the PING response do this:
echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

To make the change PERMANENT add the following line to /etc/sysctl.conf:
net.ipv4.icmp_echo_ignore_all=1
and execute this command
sysctl -p

It is better to use firewall for these purposes, so that you can optionally enable ping from some systems, esp monitoring systems
iptables -t filter -I INPUT -p icmp --icmp-type echo-request -s monitoring_system -j ACCEPT
iptables -t filter -I INPUT -p icmp --icmp-type echo-request -j DROP

Just in case it's not obvious to iptables newbies, replace "monitoring_system" with the IP/range of the server(s) which should be able to ping the server. All other ping requests will be silenty dropped.



--
Liu Lantao
College of Information Science and Technology, Beijing Normal University
EMAIL: liulantao ( at ) gmail ( dot ) com ;
WEBSITE: http://www.liulantao.com/ .
------

公众号推荐

知识分享行动
每天 10:24
只聊技术细节
扫码立即参与
知识分享行动