2025-04-11 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to disable ping on Linux. Most people probably do not know much about it, so it is shared here for reference.
First log in to the server terminal and execute:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
In this way, ping can be disabled. If you want to restore ping, execute the command:
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Disabling the ping command, firewall style
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
Now other people can't ping you, and you can't ping others.
Change its value to 1 to disable PING
Change its value to 0 to remove the prohibition of PING
Actually, iptables is the easiest to use.
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 192.168.29.1 -j DROP
iptables -A OUTPUT -p icmp --icmp-type 8 -s 192.168.29.1 -j ACCEPT
How do you stop others from pinging you while you can still ping others? The problem is actually very simple; use the following script:
#!/bin/bash
# Flush existing rules and chains, then default-deny in every direction
iptables -F
iptables -F -t nat
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Inbound: loopback, established traffic, TCP 80 and 22, and echo replies (type 0)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,22 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
# Outbound: loopback, established traffic, replies from TCP 80 and 22, and echo requests (type 8)
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports 80,22 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
iptables in practice: disabling ping and preventing outgoing DDoS packets
This part covers two basic practical applications: disabling ping (IPv4) and blocking UDP, that is, preventing attackers from using the server to send packets in DDoS attacks.
1. Disable ping without iptables
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # on
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all # off
2. Disable ping using iptables rules
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
3. Use iptables rules to stop the server from sending packets and prevent DDoS attacks
iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT # allow UDP to the DNS server IP
iptables -A OUTPUT -p udp -j DROP # drop all other outgoing UDP
Port 53 and 8.8.8.8 above are required for DNS service. If you are not sure of the local DNS settings, run the following command to get the IP:
cat /etc/resolv.conf
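The two rules in step 3 hard-code 8.8.8.8. As an added example (not part of the original article), the script below builds the same rules from the nameserver entries of a resolv.conf-style file and only prints them for review; the function names gen_udp_rules and is_ipv4 and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: print (do not apply) the step-3 OUTPUT rules, reading resolver
# IPs from a resolv.conf-style file. Function names here are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emits one ACCEPT rule per IPv4 nameserver, then the catch-all UDP DROP.
# Fails without printing the DROP when no usable nameserver is found, because
# dropping all UDP with no resolver allowed would break name resolution.
gen_udp_rules() {
    conf=${1:-/etc/resolv.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rules=""
    # "|| [ -n "$key" ]" keeps a final line that has no trailing newline.
    while read -r key addr _rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue   # skips comments, search, options
        is_ipv4 "$addr" || continue             # IPv6 resolvers need ip6tables
        case "$rules" in *" -d $addr -j "*) continue ;; esac   # de-duplicate
        rules="${rules}iptables -I OUTPUT -p udp --dport 53 -d $addr -j ACCEPT
"
    done < "$conf"
    [ -n "$rules" ] || { echo "no IPv4 nameserver in $conf" >&2; return 1; }
    printf '%siptables -A OUTPUT -p udp -j DROP\n' "$rules"
}

# Dry run on a constructed sample file (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'search example.internal' \
    'nameserver 8.8.8.8' 'nameserver 2001:4860:4860::8888' > "$sample"
gen_udp_rules "$sample"
rm -f "$sample"
```

On hosts running systemd-resolved, /etc/resolv.conf lists the local stub 127.0.0.53, so pass the file that holds the upstream resolvers (commonly /run/systemd/resolve/resolv.conf) instead.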