List of content you will read in this article:
- 1. What is a ping?
- 2. What are IP tables?
- 3. What is ICMP?
- 4. Where did the term “ping” originate from?
- 5. How to Disable/Stop Ping in Linux?
- 6. How to disable ping responses from CentOS?
- 7. How to disable ping responses on Ubuntu?
- 8. How to Disable Ping on Debian?
- 9. How to Enable Ping in Linux?
- 10. Conclusion
Before we get to the details on disabling ping, we will need to get acquainted with some basic networking knowledge. Don’t worry it will be short, simple, and fast. Let’s get to it!
What is a ping?
Ping is used to check if the machine is up and is connected to the network and working well on that particular network.
The basic methodology here is that a network packet is sent to the machine if the machine is up it will answer with a response. If the machine is down and not on the network you will not get any answer from the given ping.
The time that the Linux ping command uses on the network for the round trip is called ping time.
When a machine is up the IP response will be provided. This can also be used to scan an IP range for reachable hosts.
When the ping response is disabled no one can see you on the internet and you can have potential benefits from disabling the ping.
Advantages of disabling ping:
- Hide your machine on the network
- Prevent ping of death attack
- Save your machine from attacks
- Make your machine secure
What are IP tables?
It is a command-line firewall that allows or blocks the traffic which is already mentioned in the policy chain use. This command follows the packet-based approach for traffic monitoring. This is like a gatekeeper whenever someone tries to connect your machine the iptables command checks the sender in the predefined list to match the address. If the sender is not listed it will restore to the predefined default option and it will not allow the creation of the connection between your machine and the other device that is pinging you.
Rust Seller was the first person who wrote the iptables package filter for Netfilter Core Team. It was released in 1998 in C language.
What is ICMP?
Internet Control Message Protocol (ICMP) is different from transport protocols. It has no ports and it doesn't transport any data for diagnostic and control purposes.
This protocol is used over the internet to send error messages and it also indicates the success or failure of the interaction when the device communicates over another IP.
Where did the term “ping” originate from?
Ping is the term that was first used in World War II. It is a nautical term that was coined by submarines for the use of SONAR. When they used to send a signal to find some object the signal coming back to the machine with the required information was referred to as a ping.
How to Disable/Stop Ping in Linux?
We made the research and have got multiple methods on how to disable ping on Linux distros. Depending on specific configurations, the method will change. Following are the methods which will help you disable ping in Linux.
Methode 1: CSF firewall installed
People who have a CSF firewall installed have to do the following procedure to stop the ping response in Linux.
The first step would be editing the CSF. For this edit the main configuration file by typing the following vi commands:
vi /etc/csf/csf.conf
You will see the following output.
# Allow incoming PING
ICMP_IN = "1"
The last line which you see in the output is your next input. Change the command in the following way:
ICMP_IN = "0"
To apply the changes you have made through commands you need to restart both CSF and LFD.
/etc/init.d/csf restart
/etc/init.d/lfd restart
csf -r
Methode 2: How to Stop ping linux using icmp echo
When you want to stop the ping response the icmp echo is also a useful way.
Type the following command when you want to utilize the icmp echo for disabling ping:
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
you will witness that it is a temporary method that will stop the ping response until your system remains on. Once you have restarted your system it will be erased and you will have to do the above-mentioned step again.
When you want to stop the ping response permanently add /etc/sysctl.conf.
net.ipv4.icmp_echo_ignore_all = 1
When you want to update the change type the following:
sysctl -p
Methode 3: How to Disable ping using Iptables
Iptables are also one of the best ways to stop ping response in Linux. Run the following commands to apply the changes:
You need to verify the iptable version by typing the following command:
# iptables --version
You need to use the below rules to apply the command without seeing the error message:
# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
Use the following command to add rules in iptable:
# iptables -L
When the ping is disabled you will see the following result:
How to disable ping responses from CentOS?
When you want to disable ping in CentOS use kernel parameter icmp_echo_ignore_all
in /etc/sysctl.conf.
First of all, you need to review the current settings in the process of disabling ping responses. Type the following command:
# cat /proc/sys/net/ipv4/icmp_echo_ignore_all
When you see the output is 0:
Now use the local host command to disable the ping and never forget to press CTRL+C.
ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.060 ms
When you see the output is 1:
When you have output 1 from the first command now it is time to use the following commands:
# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
You need to make the changes persistent and permanent even after rebooting add the following:
# vi /etc/sysctl.conf
# Ignore all to ICMP (ping)
net.ipv4.icmp_echo_ignore_all = 1
You can verify the parameter by typing the following:
# sysctl -a | grep "icmp_echo_ignore_all"
net.ipv4.icmp_echo_ignore_all = 1
you can use the following to view the ping from a local host or a remote server use these commands:
# ping localhost
The output will be as follow:
PING localhost (127.0.0.1) 56(84) bytes of data.
--- localhost ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4005ms
How to disable ping responses on Ubuntu?
You can configure the default UFW firewall to disable the incoming ping requests.
When you want to modify the /etc/ufw/before.rules the most necessary thing is to take a backup of the configuration files.
Type the following commands:
$ sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup
Now you can use root privileges in the text editor:
FROM:
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
TO:
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
You can use sed command to make the changes by typing the following:
$ sudo sed -i '/ufw-before-input.*icmp/s/ACCEPT/DROP/g' /etc/ufw/before.rules
Enable UFW firewall:
$ sudo ufw enable
You can reload if your firewall is already enabled:
$ sudo ufw reload
How to Disable Ping on Debian?
When you want to disable network ping on your server for security reasons you need to use iptables firewall.
You need to check the piing in the very first place. Open the terminal and type the following to check the status:
ping 127.0.0.1
You will see the following output:
When you have verified that the ping is enabled now it is time to disable it in iptables:
Now it is time to open the terminal with root privilege and type the following commands to execute:
$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
You will see the following output:
Now check the list of rules by typing the following command:
iptables –L
You will see the new rules added to the iptables in the output as follow:
You can check the ping status by typing the following command:
ping 127.0.0.1
The output will show you that the ping has been disabled.
That being said, here's how to enable ping in Linux!
How to Enable Ping in Linux?
Option 1
In order to enable ping, you can enter the following command:
# echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all
Option 2
Another method to enable Ping on your network, you can use sysctl to modify the kernel parameters at runtime.
~# sysctl -w net.ipv4.icmp_echo_ignore_all=0
net.ipv4.icmp_echo_ignore_all = 0
(root access required)
Option 3
Run the below command to enable ping on the server. It removes the rules if any blocking ping and will make network troubleshooting easier.
# iptables -D INPUT -p icmp --icmp-type echo-request -j REJECT
Here D is used to delete the rule
Conclusion
There are numerous benefits to stop ping in Linux but you can be barred from various benefits of using ping like diagnosing and sharing security information and sweeping the machines over the network. For gaming, the lag time, high ping, and low ping also affects the computer speed when you are connected to a particular network for an interactive experience.
We have mentioned various Linux commands for beginners to advanced levels and procedures that you can use to disable the ping and stay alive and upon the network without showing your IP to other people. When you have disabled Linux ping no one will be able to check your status on the internet.
Through this process, you can save your machine from the various ping responses, and the most important benefit that ping disable allows is that you become invisible to the hackers and no one can check the status of your machine whether you are up or not. So whenever you want to hide your presence in the local network disable the ping by using any of the methods which we have mentioned above for Linux distros [CentOS, Ubuntu, and Debian]. In an open-source system and network, the ability to hide your status is indeed a great blessing.
Don’t forget to leave us your feedback in the comments below!
People Are Also Reading:
I'm fascinated by the IT world and how the 1's and 0's work. While I venture into the world of Technology, I try to share what I know in the simplest way with you. Not a fan of coffee, a travel addict, and a self-accredited 'master chef'.