How To Disable Ping In Linux? [Stop Ping Linux]

Are you looking to stop ping command in Linux distro? This article will let you know how to disable ping in Linux distros.

Updated: 05 Mar, 23 by Susith Nonis 10 Min

List of content you will read in this article:

Before we get to the details on disabling ping, we will need to get acquainted with some basic networking knowledge. Don’t worry it will be short, simple, and fast. Let’s get to it!

Ping is used to check if the machine is up and is connected to the network and working well on that particular network.

The basic methodology here is that a network packet is sent to the machine if the machine is up it will answer with a response. If the machine is down and not on the network you will not get any answer from the given ping.

The time that the Linux ping command uses on the network for the round trip is called ping time.

When a machine is up the IP response will be provided. This can also be used to scan an IP range for reachable hosts.

When the ping response is disabled no one can see you on the internet and you can have potential benefits from disabling the ping.

Advantages of disabling ping:

  • Hide your machine on the network
  • Prevent ping of death attack
  • Save your machine from attacks
  • Make your machine secure

It is a command-line firewall that allows or blocks the traffic which is already mentioned in the policy chain use. This command follows the packet-based approach for traffic monitoring. This is like a gatekeeper whenever someone tries to connect your machine the iptables command checks the sender in the predefined list to match the address. If the sender is not listed it will restore to the predefined default option and it will not allow the creation of the connection between your machine and the other device that is pinging you.

Rust Seller was the first person who wrote the iptables package filter for Netfilter Core Team. It was released in 1998 in C language.

Internet Control Message Protocol (ICMP) is different from transport protocols. It has no ports and it doesn't transport any data for diagnostic and control purposes.

This protocol is used over the internet to send error messages and it also indicates the success or failure of the interaction when the device communicates over another IP.

Ping is the term that was first used in World War II. It is a nautical term that was coined by submarines for the use of SONAR. When they used to send a signal to find some object the signal coming back to the machine with the required information was referred to as a ping.

We made the research and have got multiple methods on how to disable ping on Linux distros. Depending on specific configurations, the method will change. Following are the methods which will help you disable ping in Linux.

Methode 1: CSF firewall installed

People who have a CSF firewall installed have to do the following procedure to stop the ping response in Linux.

The first step would be editing the CSF. For this edit the main configuration file by typing the following vi commands:

vi /etc/csf/csf.conf

You will see the following output.

# Allow incoming PING

ICMP_IN = "1"

The last line which you see in the output is your next input. Change the command in the following way:

ICMP_IN = "0"

To apply the changes you have made through commands you need to restart both CSF and LFD.

/etc/init.d/csf restart

/etc/init.d/lfd restart

csf -r

Methode 2: How to Stop ping linux using icmp echo

When you want to stop the ping response the icmp echo is also a useful way.

Type the following command when you want to utilize the icmp echo for disabling ping:

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

you will witness that it is a temporary method that will stop the ping response until your system remains on. Once you have restarted your system it will be erased and you will have to do the above-mentioned step again. 

When you want to stop the ping response permanently add /etc/sysctl.conf.

net.ipv4.icmp_echo_ignore_all = 1

When you want to update the change type the following:

sysctl -p

Methode 3: How to Disable ping using Iptables

Iptables are also one of the best ways to stop ping response in Linux. Run the following commands to apply the changes:

You need to verify the iptable version by typing the following command:

# iptables --version

You need to use the below rules to apply the command without seeing the error message:

# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

# iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

Use the following command to add rules in iptable:

# iptables -L

When the ping is disabled you will see the following result:

When you want to disable ping in CentOS use kernel parameter icmp_echo_ignore_all in /etc/sysctl.conf.

First of all, you need to review the current settings in the process of disabling ping responses. Type the following command:

# cat /proc/sys/net/ipv4/icmp_echo_ignore_all

When you see the output is 0:

 Now use the local host command to disable the ping and never forget to press CTRL+C.

 ping localhost

PING localhost (127.0.0.1) 56(84) bytes of data.

64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.060 ms

 When you see the output is 1:

When you have output 1 from the first command now it is time to use the following commands:

# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

 You need to make the changes persistent and permanent even after rebooting add the following:

# vi /etc/sysctl.conf

 # Ignore all to ICMP (ping)

 net.ipv4.icmp_echo_ignore_all = 1

 You can verify the parameter by typing the following:

# sysctl -a | grep "icmp_echo_ignore_all"

net.ipv4.icmp_echo_ignore_all = 1

you can use the following to view the ping from a local host or a remote server use these commands:

 # ping localhost

The output will be as follow:

 PING localhost (127.0.0.1) 56(84) bytes of data.

 --- localhost ping statistics ---

5 packets transmitted, 0 received, 100% packet loss, time 4005ms

You can configure the default UFW firewall to disable the incoming ping requests.

When you want to modify the /etc/ufw/before.rules the most necessary thing is to take a backup of the configuration files.

Type the following commands:

$ sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup

Now you can use root privileges in the text editor:

FROM:

# ok icmp codes for INPUT

-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT

-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT

-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT

-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT

-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

TO:

 # ok icmp codes for INPUT

-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP

-A ufw-before-input -p icmp --icmp-type source-quench -j DROP

-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP

-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

You can use sed command to make the changes by typing the following: 

$ sudo sed -i '/ufw-before-input.*icmp/s/ACCEPT/DROP/g' /etc/ufw/before.rules

Enable UFW firewall:

$ sudo ufw enable

You can reload if your firewall is already enabled:

$ sudo ufw reload

When you want to disable network ping on your server for security reasons you need to use iptables firewall.

You need to check the piing in the very first place. Open the terminal and type the following to check the status:

ping 127.0.0.1

You will see the following output:

When you have verified that the ping is enabled now it is time to disable it in iptables:

Now it is time to open the terminal with root privilege and type the following commands to execute:

$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

You will see the following output:

Now check the list of rules by typing the following command:

iptables –L

You will see the new rules added to the iptables in the output as follow:

You can check the ping status by typing the following command:

ping 127.0.0.1

The output will show you that the ping has been disabled.

That being said, here's how to enable ping in Linux!

Option 1

In order to enable ping, you can enter the following command:

# echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all

Option 2

Another method to enable Ping on your network, you can use sysctl to modify the kernel parameters at runtime. 

~# sysctl -w net.ipv4.icmp_echo_ignore_all=0
net.ipv4.icmp_echo_ignore_all = 0
(root access required)

Option 3

Run the below command to enable ping on the server. It removes the rules if any blocking ping and will make network troubleshooting easier.

# iptables -D INPUT -p icmp --icmp-type echo-request -j REJECT

Here D is used to delete the rule

There are numerous benefits to stop ping in Linux but you can be barred from various benefits of using ping like diagnosing and sharing security information and sweeping the machines over the network. For gaming, the lag time, high ping, and low ping also affects the computer speed when you are connected to a particular network for an interactive experience.

We have mentioned various Linux commands for beginners to advanced levels and procedures that you can use to disable the ping and stay alive and upon the network without showing your IP to other people. When you have disabled Linux ping no one will be able to check your status on the internet.

Through this process, you can save your machine from the various ping responses, and the most important benefit that ping disable allows is that you become invisible to the hackers and no one can check the status of your machine whether you are up or not. So whenever you want to hide your presence in the local network disable the ping by using any of the methods which we have mentioned above for Linux distros [CentOS, Ubuntu, and Debian]. In an open-source system and network, the ability to hide your status is indeed a great blessing.

Don’t forget to leave us your feedback in the comments below!

People Are Also Reading:

Susith Nonis

Susith Nonis

I'm fascinated by the IT world and how the 1's and 0's work. While I venture into the world of Technology, I try to share what I know in the simplest way with you. Not a fan of coffee, a travel addict, and a self-accredited 'master chef'.