

How to block or unblock ping requests on Ubuntu Server 20.04 LTS?

Ping is a network administration utility that is used to test the availability of a system on an IP network. Ping is also used to test the quality of the network connection by monitoring the round trip time and packet losses. 

On the other hand, network intruders and hackers also use ping to scan network subnets for potential hosts or to perform ICMP flood attacks. Therefore, it is a good practice to block ping requests to your servers to reduce their exposure to this kind of probing and flooding.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform Linux related tasks.

In this context, we shall look into how to block ping requests to a Linux server.


How to Block/unblock ping requests to a Linux Server?

Here, we are working with Ubuntu 20.04 LTS with a user with sudo privileges.

Ping works by sending an ICMP packet (Echo request) to the destination system and then waiting for a response ICMP packet (Echo reply). In Linux, the ping command continues sending ICMP packets until you stop it using Ctrl+C.

In order to block ping requests, you will need to ignore/block the ICMP echo requests that are sent to your server. 


There are two ways to block/unblock ICMP echo requests to the Linux server:

i. Through Kernel parameters.

ii. Through iptables.


Now let's get started.


How to Block/unblock ping requests through kernel parameters?

Through kernel parameters, you can block ping requests either temporarily or permanently. Kernel parameters can be modified through the sysctl command, the /proc/sys directory, and the /etc/sysctl.conf file.


How to Temporarily block/unblock ping requests?

The sysctl command in Linux is used to read and write kernel parameters in the /proc/sys directory. Using this command, we can set up kernel parameters to block/unblock ping requests. The kernel parameter net.ipv4.icmp_echo_ignore_all controls whether the system responds to ICMP echo requests over IPv4. Its default value is '0', which means the system responds to ICMP echo requests.


To Block Ping Request using sysctl command:

In order to block ping request, issue the following command in Terminal:

$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1

This command sets the kernel parameter to '1', which means the kernel ignores all ICMP echo requests.


Now all the ping requests to your system will be blocked and the sender will receive no response.


To Unblock Ping Request using sysctl command:

To unblock the ping requests, again run the same command by changing the parameter value to default '0':

$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0

Alternatively, you can block the ping requests by changing the kernel parameter value in the /proc/sys directory using the echo command. 

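However, to use this method, you will need to run the command in a root shell. Prefixing echo with sudo is not enough, because the redirection into /proc/sys is performed by your own unprivileged shell.

Then issue the following command in the root Terminal (shown with the # root prompt):

# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all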

To unblock the ping requests, the command would be:

# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all


How to Permanently block ping requests?

Kernel parameters can also be modified through the /etc/sysctl.conf file. This file will allow you to permanently block ping requests to your server.


To Block Ping Request via sysctl.conf file:

i. In order to block ping request to your system, edit /etc/sysctl.conf file:

$ sudo nano /etc/sysctl.conf

ii. Then append the following line in the file:

net.ipv4.icmp_echo_ignore_all = 1

iii. Save and close the file.

iv. Then issue the following command in Terminal to apply this configuration without reboot:

$ sudo sysctl -p

To Unblock Ping Request via sysctl.conf file:

i. To unblock ping requests, edit the /etc/sysctl.conf file:

$ sudo nano /etc/sysctl.conf

ii. Then modify the value of net.ipv4.icmp_echo_ignore_all to ‘0’:

net.ipv4.icmp_echo_ignore_all = 0

iii. Save and close the file.

iv. Then issue the following command in Terminal to apply this configuration without reboot:

$ sudo sysctl -p
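A check for the gap between the temporary and permanent methods above, as an added example that is not part of the original article: it compares the running value of net.ipv4.icmp_echo_ignore_all with the value the configuration files will restore at boot. The function names are hypothetical, and the files to inspect are passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.
KEY="net.ipv4.icmp_echo_ignore_all"

# Print the last value assigned to KEY in the given sysctl config files,
# or "unset". Skips comment lines (# or ;), tolerates spaces around "=",
# and accepts the slash form of the key (net/ipv4/icmp_echo_ignore_all).
persisted_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/\//, ".", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) last = v
        }
        END { print (last == "" ? "unset" : last) }
    ' "$@" /dev/null
}

# Compare the running value ($1) with what the files ($2...) will restore.
drift_state() {
    runtime="$1"; shift
    saved=$(persisted_value "$@")
    if [ "$saved" = "unset" ]; then saved=0; fi   # kernel default: reply to ping
    if [ "$runtime" = "$saved" ]; then
        echo "consistent"
    elif [ "$saved" = "0" ]; then
        echo "temporary-only"     # set via sysctl -w or echo; lost at reboot
    else
        echo "pending-reload"     # file edited but sysctl -p not run yet
    fi
}

# On a live host:
#   drift_state "$(cat /proc/sys/net/ipv4/icmp_echo_ignore_all)" /etc/sysctl.conf
```

A result of temporary-only means ping will be answered again after the next reboot; pending-reload means the file was edited but the running kernel has not picked it up yet.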


How to Block/unblock ping requests Using iptables?

Iptables is a firewall utility in Linux that controls incoming and outgoing traffic based on certain rules. It comes preinstalled in the Ubuntu system. If it is missing from the system, you can install it using the following command in Terminal:

$ sudo apt install iptables


To Block Ping Request Using iptables: 

i. To block ping requests to your system, type the following command in Terminal:

$ sudo iptables -A INPUT -p icmp --icmp-type 8 -j REJECT

Where the -A flag is used to append a rule to a chain in iptables and --icmp-type 8 is the ICMP type number used for echo request.

The above command will add a rule in the firewall that will block any incoming ping requests to your system. By adding this rule, anyone sending the ping request to your system will see the “Destination Port Unreachable” message.


ii. If you do not want this message to appear, use the following command replacing REJECT with DROP:

$ sudo iptables -A INPUT -p icmp --icmp-type 8 -j DROP

Now anyone sending the ping request to your system.


To Unblock Ping Request Using iptables:

i. In order to unblock ping requests to your server, type the following command in Terminal:

$ sudo iptables -D INPUT -p icmp --icmp-type 8 -j REJECT

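Where the -D flag is used to delete a rule in iptables and --icmp-type 8 is the ICMP type number used for an echo request. The rule specification must match the rule that was added, so if you blocked ping with DROP, use DROP instead of REJECT in this command.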

ii. In order to make these rules persistent after a system reboot, you will need iptables-persistent package. Issue the below command in Terminal to install iptables-persistent:

$ sudo apt install iptables-persistent

You will be asked to confirm whether you want to proceed with the installation or not. Hit y to proceed, after which the system will start the installation and once completed, it will be ready to use.


After adding or deleting any rule, issue the following commands in Terminal to make them survive the system reboot.

$ sudo netfilter-persistent save
$ sudo netfilter-persistent reload

In order to view all the rules added to your iptables, issue the following command in Terminal:

$ sudo iptables -L
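Because -A appends to the end of the INPUT chain, an earlier rule that accepts ICMP is matched first and the new block rule is never reached. The following added example (not part of the original article; function names are hypothetical and the ruleset is constructed) reads `iptables -S INPUT` output and reports which rule actually decides an incoming echo request.

```shell
#!/bin/sh
# Added example (not from the original article). Names are hypothetical.

# Read `iptables -S INPUT` output on stdin and print which rule decides an
# incoming ICMP echo request: "<target> rule <n>" or "<policy> policy".
# Rules narrowed by other matches (-s, -i, -m conntrack, ...) are skipped,
# and a jump to a user-defined chain is reported as the deciding rule
# because the verdict is then made inside that chain.
echo_request_verdict() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            n++
            proto = "all"; itype = "any"; target = ""; cond = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(++i)
                else if ($i == "--icmp-type") itype = $(++i)
                else if ($i == "-j") { target = $(++i); break }
                else if ($i == "-m" && $(i + 1) == "icmp") i++
                else cond = 1
            }
            if (decided || cond || target == "" || target == "LOG") next
            if (proto != "all" && proto != "icmp") next
            if (itype != "any" && itype != "8" && itype != "echo-request") next
            decided = 1; verdict = target " rule " n
        }
        END { print (decided ? verdict : (policy " policy")) }
    '
}

# Constructed sample: the DROP rule was added with -A, so it sits after an
# older rule that already accepts all ICMP.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
EOF
}

sample_rules | echo_request_verdict    # ACCEPT rule 2
```

On a live host, pipe `sudo iptables -S INPUT` into the function; when an earlier rule wins, add the block rule with `-I INPUT 1` in place of `-A INPUT` so that it is evaluated first.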




Conclusion

This article covers the steps to block or unblock ping requests on Ubuntu Server 20.04 LTS. It also shows how to unblock the ping requests in case you need to use ping for system administration and troubleshooting.

To block ping requests in Linux:

You can block ICMP echo requests on your Linux system by setting the kernel variable net.ipv4.icmp_echo_ignore_all to 1, which makes the kernel ignore all ping packets. To make this setting permanent, append the line to the /etc/sysctl.conf file and, subsequently, apply it with the sysctl command.