DISQUS

Tech-Recipes: Disable ICMP echo (ping) responses in Linux | Linux networking | Tech-Recipes

  • Anonymous · 5 years ago
    But that would stop pings altogether. If you have a monitoring service, this would hurt you. You would never know if your server went down.

    I would suggest installing APF fire wall, then do this:
    pico -w /etc/apf/conf.apf

    Change this:
    IG_ICMP_TYPES="3,5,11,0,30,8"

    To this:
    IG_ICMP_TYPES="3,5,11,0,30"

    So, if you have a monitoring service, add the monitor's IP to the alallow_hosts.rules file.

    THEN:
    service apf restart


    That would block pings from all outside sources except the IP's you explicitly allow.
  • Anonymous · 5 years ago
    Just have your monitoring service try to connect to an open port (FTP, POP3, SMTP, WEB, SSH, Etc.) instead of going through the trouble of installed firewall software and configuring it. I use hyperspin.com and they can try to connect to a specific port instead or in addition to a classic ping.
  • Guest · 4 years ago
    thanks for the tip! complete newbie to Linux but managed to get 100% stealth enabled in the firewall....
    using your tips page.. only had to disable ping to achieve it! thanx again! :P