Shulou(Shulou.com)06/02 Report--

Editor to share with you how to turn on or off the ICMP protocol in Centos6 and 7 operating systems, I believe most people do not know much about it, so share this article for your reference. I hope you will learn a lot after reading this article. Let's learn about it together.

Say in front.

Speaking of the ICMP agreement, some small partners may be a little strange to this, do not know what the role of this agreement, when will be used? But when it comes to the commands of ping and Tracert to check network connectivity, I believe most people who engage in operation and maintenance or IT will be more familiar with this. In fact, ping and Tracert are implemented based on the ICMP protocol.

The full name of ICMP is Internet Control Message Protocol. From a technical point of view, ICMP is an "error detection and return mechanism". This protocol is of great significance in judging network security and network connection health. Our main content today is to talk about how to turn the ICMP protocol on and off in Centos 6 and Centos 7. Knowledge of ICMP security, such as ICMP network attacks, is not discussed in this article.

Description

There are two main factors that affect ping: one is kernel parameters, the other is firewall rule configuration. Ping is allowed only if two parameters are allowed at the same time, and ping is not allowed if either factor configuration is not allowed. There is no difference between changes in centos 6 or 7.

The kernel parameter enabling method # cat / proc/sys/net/ipv4/icmp_echo_ignore_all echoes two results. 0 means allowed and 1 means disabled. Here is 1, proceed to the next step

1. To turn on ping temporarily, execute the following command

# echo 0 > / proc/sys/net/ipv4/icmp_echo_ignore_all

two。 Permanently open, execute the command:

# vim / etc/sysctl.conf net.ipv4.icmp_echo_ignore_all=0 / / add this line (if this line already exists, make sure the following parameter is 0): wq saves the exit configuration file # sysctl-p / / execute this command to make the configuration effective

Permanently open, execute the command

Sysctl-p

Kernel parameters turn off the ping method

Temporarily close execution:

# echo 1 > / proc/sys/net/ipv4/icmp_echo_ignore_all

Permanently close:

# vim / etc/sysctl.conf net.ipv4.icmp_echo_ignore_all=1# sysctl-p firewall rules

Allow ping:

# iptables-I INPUT-I eth0-p icmp-s 0 ACCEPT 0-d 0 ACCEPT

Firewall rules can be viewed through iptables-nvL

Prohibit ping

# iptables-I INPUT-I eth0-p icmp-s 0 DROP 0-d 0 DROP final test, you can ping the target host

Testing ping Baidu as an example

The above is all the contents of this article entitled "how to turn ICMP on or off in Centos6, 7 operating systems". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.