Shulou(Shulou.com)06/03 Report--

Linux allows ping responses by default, which means ping is turned on, but ping may be the beginning of network insecurity, so turning off ping can improve the security factor of the server.

Whether the system allows ping is determined by two factors: 1. kernel parameters, and 2. firewall.

Two factors are required to allow ping, either of which prevents ping from opening. The following cloud network to say the specific configuration method:

1. Kernel parameter settings

Allow/Disallow ping settings (default allows ping)

The command to temporarily allow/prohibit ping operation is: modify the contents of the file/proc/sys/net/ipv4/icmp_echo_ignore_all. The contents of this file only have 1 character, 0 is allowed ping, 1 is prohibited ping, and there is no need to restart the server;

Permanently Allow/Disallow ping Configuration Method:

Modify the file/etc/sysctl.conf by adding a line at the end of the file:

net.ipv4.icmp_echo_ignore_all = 1

If net.ipv4.icmp_echo_ignore_all already exists, you can modify the value after = directly. 0 means allowed, 1 means prohibited.

When the modification is complete, execute sysctl -p to make the new configuration take effect (important).

2. Firewall settings (the premise of the method here is that the kernel configuration is the default value, that is, ping is not prohibited)

Take iptables firewall as an example. For other firewall operation methods, please refer to the official firewall documentation.

Allow ping settings

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

Or you can stop the firewall temporarily:

service iptables stop

Disable ping settings

iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j drop

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.