BY ADMIN - APRIL, 9TH 2014

The ‘PING’, it’s a command-line tool to check a host is reachable or not. We can manage it by the help of ‘iptables’. The ‘ping’ is using ICMP to communicate. We can simply manage the ‘icmp : Internet Controlled Message Protocol’ from iptables.

Required iptables switches
The below pasted switches are required for creating a rule for managing icmp.

-A : Add a rule

-D : Delete rule from table

-p : To specify protocol (here 'icmp')

--icmp-type : For specifying type

-J : Jump to target

Normally using icmp types and its Codes Click here for ICMP Types and Codes

echo-request   :  8

echo-reply     :  0

Here I am explaining some examples.

How to block PING to your server with an error message ?
In this way you can partially block the PING with an error message ‘Destination Port Unreachable’. Add the following iptables rules to block the PING with an error message. (Use REJECT as Jump to target)

iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

Example:

[root@support ~]# ping 109.200.11.67

PING 109.200.11.67 (109.200.11.67) 56(84) bytes of data.

From 109.200.11.67 icmp_seq=1 Destination Port Unreachable

From 109.200.11.67 icmp_seq=2 Destination Port Unreachable

From 109.200.11.67 icmp_seq=3 Destination Port Unreachable

To block without any messages use DROP as Jump to target.

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

Allow Ping from Outside to Inside

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

How to block PING from your server to world ?
In this way you can block PING option from your server to outside. Add these rules to your iptables to do the same.
Block PING operation with message ‘Operation not permitted’

iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

Example:

root@test [~]# ping google.com

PING google.com (173.194.34.136) 56(84) bytes of data.

ping: sendmsg: Operation not permitted

ping: sendmsg: Operation not permitted

ping: sendmsg: Operation not permitted

ping: sendmsg: Operation not permitted

To block with out any error messages.
For this, DROP the echo-reply to the INPUT chain of you iptables.

iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP

Allow Ping from Inside to Outside

iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

You can use the icmp code instead of icmp-type name for adding rule to iptables.
That’s it. Try this and let me know your feedback.

reference:http://crybit.com/iptables-rules-for-icmp/

How to allow/block PING on Linux server – IPTables rules for icmp---reference的更多相关文章

  1. 在Oracle Linux Server release 6.4下配置ocfs2文件系统

    ① 安装ocfs-tools-1.8 如果是使用RedHat Enterprise Linux 6.4,也可以安装ocfs-tools-1.8的,只是要插入Oracle Linux Server re ...

  2. Linux Server

    Linux Server CentOS 6.3下配置iSCSI网络存储 摘要: 一.简介iSCSI(internet SCSI)技术由IBM公司研究开发,是一个供硬件设备使用的.可以在IP协议的上层运 ...

  3. 在Azure上实现Linux Server故障转移

    要充分利用公有云的弹性扩展和高可用, 首先要在应用系统层面支持横向扩展(scale out),这个说起来很容易,或者说对新开发的应用系统而言已经成为标配.但是对已有的.老旧的应用系统来说,这就比较困难 ...

  4. HowTo: Linux Server Change OR Setup The Timezone

    Method 1 #tzselect # select timezone e.g. Asia/Shanghai#echo 'Asia/Shanghai' > /etc/timezone # se ...

  5. Zyxel Switch-How to block a fake DHCP server without enabling DHCP snooping?

    How to block a fake DHCP server without enabling DHCP snooping? Scenario How to block a fake DHCP se ...

  6. 分析windows宿主机Ping不通linux虚拟机的其中一种情况

    ping不通的情况是由于设置网络选项的时候,可以看到界面名称的选择如下(当前选择的是无线网卡驱动):

  7. ORACLE Install (10g r2) FOR Red Hat Enterprise Linux Server release 5.5 (64 bit) (转)

    OS Info----------# cat /etc/redhat-releaseRed Hat Enterprise Linux Server release 5.5 (Tikanga)# cat ...

  8. Red Hat Enterprise Linux Server(RHEL) yum安装软件时This system is not registered with RHN. RHN support will be disabled. 的解决方法(转)

    新安装了redhat6.5.安装后,登录系统,使用yum update 更新系统.提示: This system is not registered to Red Hat Subscription M ...

  9. Linux server关闭自己主动

    公司linux server发生错误.mysql server没有理由关闭,我找不到理由.Version: '5.6.13-enterprise-commercial-advanced' socket ...

随机推荐

  1. (转)solr排序OOM解决方法

    转自 http://topcat.iteye.com/blog/1293650 问题 lucene使用排序时会将被排序字段全部加入内存再进行排序,当多次使用不同字段进行排序时会造成OOM问题 解决方案 ...

  2. HDU 5965 Gym Class 贪心+toposort

    分析:就是给一些拓补关系,然后求最大分数,所以贪心,大的越靠前越好,小的越靠后越好 剩下的就是toposort,当然由于贪心,所以使用优先队列 #include <iostream> #i ...

  3. xmbc 资源

    http://raspberrypi.diandian.com/post/2013-02-25/40048470423 http://blog.csdn.net/lincyang/article/de ...

  4. 依赖注入框架Autofac源码阅读指南

    官方网站http://autofac.org/ 源码下载地址https://github.com/autofac/Autofac 最新版本是3.5.0 下载后大小为37M,包括源码,示例文档,与之相关 ...

  5. MFC定时器

    比较简单,在程序中可以找到原型. 在程序中我们经常要使用定时刷新的功能,典型的应用是在信息管理系统中表单要跟着数据库中的数据变动.MFC提供了定时器来完成这个功能. ================= ...

  6. sql-定义变量

    declare @subject nvarchar(50) set @subject=(select Subject from dbo.Scores where ID=1) --select @sub ...

  7. Linux 命令、Shell 杂货铺

    我看过一篇博客,是有关随手记录一些常用的命令的.感觉对自己比较有价值,不过其他人读起来就比较费劲了,毕竟没有什么主线.各取所需吧各位~ 1.CentOS 查看和修改系统时间和时区 date #查看系统 ...

  8. HDU5791--Two (DP)

    题意:两个数列a,b,求相同的子序列有多少对,内容相同位置不同也算不同. 题解:dp[i][j]表示a数列前i个数个 b数列前j个数 有多少对 递推方程: dp[i][j] = dp[i-1][j-1 ...

  9. OWIN学习

    在微软.net的dll中 有Microsoft.Owin Microsoft.Owin.Security, Microsoft.Owin.Security.Cookies, Microsoft.Owi ...

  10. hdu 1520 (树形DP)

    dp[i][0]表示i不参加 dp[i][1]表示i参加 简单的树形dp #include<stdio.h> #include<string.h> #define N 6100 ...