BY ADMIN - APRIL, 9TH 2014

The ‘PING’, it’s a command-line tool to check a host is reachable or not. We can manage it by the help of ‘iptables’. The ‘ping’ is using ICMP to communicate. We can simply manage the ‘icmp : Internet Controlled Message Protocol’ from iptables.

Required iptables switches
The below pasted switches are required for creating a rule for managing icmp.

-A : Add a rule
-D : Delete rule from table
-p : To specify protocol (here 'icmp')
--icmp-type : For specifying type
-J : Jump to target

Normally using icmp types and its Codes Click here for ICMP Types and Codes

echo-request   :  8
echo-reply : 0

Here I am explaining some examples.

How to block PING to your server with an error message ?
In this way you can partially block the PING with an error message ‘Destination Port Unreachable’. Add the following iptables rules to block the PING with an error message. (Use REJECT as Jump to target)

iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

Example:

[root@support ~]# ping 109.200.11.67
PING 109.200.11.67 (109.200.11.67) 56(84) bytes of data.
From 109.200.11.67 icmp_seq=1 Destination Port Unreachable
From 109.200.11.67 icmp_seq=2 Destination Port Unreachable
From 109.200.11.67 icmp_seq=3 Destination Port Unreachable

To block without any messages use DROP as Jump to target.

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

Allow Ping from Outside to Inside

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

How to block PING from your server to world ?
In this way you can block PING option from your server to outside. Add these rules to your iptables to do the same.
Block PING operation with message ‘Operation not permitted’

iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

Example:

root@test [~]# ping google.com
PING google.com (173.194.34.136) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

To block with out any error messages.
For this, DROP the echo-reply to the INPUT chain of you iptables.

iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP

Allow Ping from Inside to Outside

iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

You can use the icmp code instead of icmp-type name for adding rule to iptables.
That’s it. Try this and let me know your feedback.

reference:http://crybit.com/iptables-rules-for-icmp/

How to allow/block PING on Linux server – IPTables rules for icmp---reference的更多相关文章

  1. 在Oracle Linux Server release 6.4下配置ocfs2文件系统

    ① 安装ocfs-tools-1.8 如果是使用RedHat Enterprise Linux 6.4,也可以安装ocfs-tools-1.8的,只是要插入Oracle Linux Server re ...

  2. Linux Server

    Linux Server CentOS 6.3下配置iSCSI网络存储 摘要: 一.简介iSCSI(internet SCSI)技术由IBM公司研究开发,是一个供硬件设备使用的.可以在IP协议的上层运 ...

  3. 在Azure上实现Linux Server故障转移

    要充分利用公有云的弹性扩展和高可用, 首先要在应用系统层面支持横向扩展(scale out),这个说起来很容易,或者说对新开发的应用系统而言已经成为标配.但是对已有的.老旧的应用系统来说,这就比较困难 ...

  4. HowTo: Linux Server Change OR Setup The Timezone

    Method 1 #tzselect # select timezone e.g. Asia/Shanghai#echo 'Asia/Shanghai' > /etc/timezone # se ...

  5. Zyxel Switch-How to block a fake DHCP server without enabling DHCP snooping?

    How to block a fake DHCP server without enabling DHCP snooping? Scenario How to block a fake DHCP se ...

  6. 分析windows宿主机Ping不通linux虚拟机的其中一种情况

    ping不通的情况是由于设置网络选项的时候,可以看到界面名称的选择如下(当前选择的是无线网卡驱动):

  7. ORACLE Install (10g r2) FOR Red Hat Enterprise Linux Server release 5.5 (64 bit) (转)

    OS Info----------# cat /etc/redhat-releaseRed Hat Enterprise Linux Server release 5.5 (Tikanga)# cat ...

  8. Red Hat Enterprise Linux Server(RHEL) yum安装软件时This system is not registered with RHN. RHN support will be disabled. 的解决方法(转)

    新安装了redhat6.5.安装后,登录系统,使用yum update 更新系统.提示: This system is not registered to Red Hat Subscription M ...

  9. Linux server关闭自己主动

    公司linux server发生错误.mysql server没有理由关闭,我找不到理由.Version: '5.6.13-enterprise-commercial-advanced' socket ...

随机推荐

  1. Android 主题动态切换框架:Prism

    Prism(棱镜) 是一个全新的 Android 动态主题切换框架,虽然是头一次发布,但它所具备的基础功能已经足够强大了!本文介绍了 Prism 的各种用法,希望对你会有所帮助,你也可以对它进行扩展, ...

  2. C#中数据类型的安全转换(is,as)

    原文 C#中数据类型的安全转换(is,as) 下面代码中,不能装箱,在强制类型转换时出错,因为之前 c 是 class 类型,而却要把它转换为 int 类型,这是不可以的.虽然编译器能通过编译,但是 ...

  3. ChineseCounter.cs 统计中文文本中常用字占比

    http://www.tuicool.com/articles/qmMba2 1 using System; using System.IO; using System.Collections.Gen ...

  4. theano学习指南5(翻译)- 降噪自动编码器

    降噪自动编码器是经典的自动编码器的一种扩展,它最初被当作深度网络的一个模块使用 [Vincent08].这篇指南中,我们首先也简单的讨论一下自动编码器. 自动编码器 文献[Bengio09] 给出了自 ...

  5. RHEL6.x 删除Oracle11g

    1.停止数据库 $sqlplus /nolog SQL>conn /as sysdba SQL>shutdown immediate 2.停止Listener $lsnrctl stop ...

  6. Codeforces Round #226 (Div. 2 )

    这次精神状态不怎么好,第一题的描述看得我就蛋疼...看完就速度写了~~~最终fst了%>_<%,第二题写复杂了,一直WA pretest 3,然后就紧张,导致精神更不好了,一直纠结在第二题 ...

  7. ERROR: transport error 202: bind failed: Address already in use

    早上上班,同事反应服务上不去,后台看了一下,发现tomcat挂掉了,重新启动tomcat时报错. ERROR: transport error 202: bind failed: Address al ...

  8. jboss eap6出现Tags_$$_javassist_26 cannot be cast to javassist.util.proxy.ProxyObject的解决办法

    使用了spring,hibernate.部署在jboss eap6中时,查询时出现java.lang.ClassCastException: com.vteba.product.base.model. ...

  9. UI进阶 多线程

    一.多线程概述 程序.进程.线程 程序:由源代码生成的可执行应用.(例如:QQ.app) 进程:一个正在运行的程序可以看做一个进程.(例如:正在运行的QQ就是一个进程),进程拥有独立运行所需的全部资源 ...

  10. 爬去知乎百万用户信息之UserTask

    UserTask是获取用户信息的爬虫模块 public class UserManage { private string html; private string url_token; } 构造函数 ...