The PING facility is used to test network quality, and hackers quite often use it to spoof the host and destination servers to perform flooding attacks. Users sometimes need to block unwanted server requests to keep their system secure and protect the server from any kind of attack. In this article, we will see how to block PING requests. The tutorial also walks users through unblocking them.

Packet Internet Groper (PING)

PING is used to check the status of the connection between any source and any destination. Users can see the time taken for the packets to receive a response. In this article, we will go through the sysctl and iptables commands that are needed on an Ubuntu, Debian, or Linux Mint 20 system to block and unblock these requests.

Prerequisites

  • Ubuntu 20.04 or Linux Mint 20 or Debian 10
  • User with sudo privileges

The commands used in this tutorial were tested on an Ubuntu system. The first step is to install iptables; for that we will be using the terminal window of the system. Open the terminal by using the Ctrl+Alt+T shortcut.

Block/unblock PING requests in Ubuntu

ICMP is the protocol used for sending PING requests. An Echo request is sent to the destination system, which answers with an Echo reply. The PING command can send ICMP packets continuously. It keeps sending until the user stops it by pressing the Ctrl+C shortcut on the keyboard.

To block requests for PING, users need to block ICMP requests. We will discuss two ways to block and unblock these echo requests. The methods are:

  • Via Kernel parameters
  • Via means of iptables

How to block/unblock PING requests via kernel parameters

To block PING requests either temporarily or permanently, you can use the kernel method. The kernel has parameters that can be edited and modified using the sysctl command.

Temporary block/unblock requests

The first way to block PING requests is a temporary block, and it is done by using the sysctl command. This command is used on Linux-based systems to read and write kernel parameters within the /proc/sys directory.

Blocking the PING request

For blocking the PING request, issue the below-mentioned command in Terminal:

$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1

Here, net.ipv4.icmp_echo_ignore_all is the parameter that controls whether the system responds to incoming ICMP echo requests. 0 means it responds, while 1 means no response is sent to the request. Here, 1 implies all requests will be ignored or rejected.

When a PING request is sent, no packets will be received in response.

Unblocking the PING request

To unblock the PING requests, type the following command in the terminal window:

$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0

Users can also change the kernel parameter by writing its value into the /proc/sys directory with the echo command. This requires sudo privileges. First, switch to the root account using:

$ sudo -s

Enter this command in Terminal:

$ echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

For unblocking, use:

$ echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This was the method to temporarily block and unblock PING requests.

Permanently block/unblock requests

To modify the parameters of the kernel, we can use the /etc/sysctl.conf file. To block the requests, we need to edit this file.

Blocking the PING request

To block the request, edit the /etc/sysctl.conf file using:

$ sudo nano /etc/sysctl.conf

An editor window will open. Enter the following line in this file:

net.ipv4.icmp_echo_ignore_all = 1

Now, save and close this file. To apply the change without a reboot, issue the following command:

$ sudo sysctl -p

Unblocking the PING Request

For this, edit the /etc/sysctl.conf file by using:

$ sudo nano /etc/sysctl.conf

This time, we need to update the value of net.ipv4.icmp_echo_ignore_all to ‘0’:

net.ipv4.icmp_echo_ignore_all = 0

Now, save and close this file. To apply the change without a reboot, issue the following command:

$ sudo sysctl -p

This way users can permanently block and unblock PING requests.
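
The temporary and permanent methods above can disagree: sysctl -w and echo change only the running kernel, while /etc/sysctl.conf is applied at boot or by sysctl -p. The following check is an added example, not part of the original article; its function names are hypothetical, and it reads only the one configuration file it is given (drop-in files under /etc/sysctl.d are not examined).

```shell
#!/bin/sh
# Added example (not from the article): detect drift between the running
# value of the ping sysctl and the value persisted in a sysctl.conf-style file.
# Function names are hypothetical; paths are parameters so copies can be checked.
KEY="net.ipv4.icmp_echo_ignore_all"

# Print the last value assigned to KEY in the given file; status 1 if not set.
# Comment lines (# or ;) are skipped, spaces around "=" are tolerated, and the
# last assignment wins because sysctl -p applies lines in order.
persisted_value() {
    [ -r "$1" ] || return 1
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Print the running value from a /proc/sys-style file.
runtime_value() {
    [ -r "$1" ] || return 1
    tr -d ' \t\n' < "$1"
}

# Print "consistent <v>", "drift runtime=<r> persisted=<p>" (status 1), or
# "unpersisted runtime=<r>" when the file does not set KEY at all.
ping_sysctl_state() {
    proc_file=${1:-/proc/sys/net/ipv4/icmp_echo_ignore_all}
    conf_file=${2:-/etc/sysctl.conf}
    r=$(runtime_value "$proc_file") || { echo "error: cannot read $proc_file"; return 2; }
    if p=$(persisted_value "$conf_file"); then
        [ "$r" = "$p" ] && { echo "consistent $r"; return 0; }
        echo "drift runtime=$r persisted=$p"
        return 1
    fi
    echo "unpersisted runtime=$r"
}
```

Calling ping_sysctl_state with no arguments checks the live system; a "drift" or "unpersisted" result means the ping behaviour will change at the next reboot.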

How to block/unblock PING requests using iptables

The iptables utility is used from the command line to enable or disable traffic. It works on the basis of rules, i.e. policy chains. Iptables filters traffic packet by packet: each packet is looked up against the list of rules and matched with each rule in turn. If the rules do not match, the connection will not be established. The packet filter for iptables is written in the C programming language, and new releases and versions continue to appear; they can be downloaded from: https://git.netfilter.org/iptables/

Block/unblock PING from iptables

Step 1: Installation of iptables

To install iptables, type the following command in the terminal window:

$ sudo apt-get install iptables

Step 2: Confirmation of iptables installation

Now, we need to confirm the installation of iptables. Type the command below in your terminal window:

$ iptables --version

As soon as you hit Enter, the installed version is shown in the output.

Now, we will see the method of disabling and enabling the ping command.

Blocking PING with iptables

Iptables is a rule-based network filtering engine. Users can add these rules to block pings coming to and from their servers. We will be discussing a set of examples to add the set of rules to block PING.

Examples:

Rule 1:

To reject or block the request, use the following command. The -A option in the command adds (appends) the rule. With this rule in place, you will see an error message when running the ping command:

$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

When you ping, the output shows a port unreachable error.

Rule 2:

You can also use the following rule to block PING at the input end. This will not display the error message.

$ sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

Rule 3:

To drop or block the PING request at the output end, you can also use the following command.

$ sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

Unblocking PING from iptables

Now, we will discuss the method of enabling PING commands from iptables.

Listing the available rules

You can list all rules that have been added to iptables and check the output for the ones that affect ICMP.

Removing the set of blocker rules

Users can remove the rules that are acting as a blocker for PING. As displayed in the above example, here ICMP is being rejected. Therefore, we will remove it by:

$ sudo iptables -D INPUT -p icmp --icmp-type echo-request -j REJECT

Users can easily delete all of the unwanted rules. They can simply use the -D option to delete any of the rules.

Deleting the custom rules

To delete the custom rules added to iptables, type the following command in the terminal window. Note that -F flushes every rule in every chain of the filter table, not only the PING rules:

$ sudo iptables -F

This way users can block and unblock PING from iptables.
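
Running the -A commands above more than once appends duplicate rules, and each -D call removes only one matching rule, which is why -F is tempting even though it clears unrelated rules too. The following is an added example, not part of the original article: two hypothetical helper functions that use the iptables -C (check) option to add the page's INPUT rule only once and to remove every copy of it without flushing anything else. The IPT variable is an assumption of this example so the command can be substituted.

```shell
#!/bin/sh
# Added example (not from the article): idempotent block/unblock of inbound
# ping using the rule shown on this page. Function names and the IPT variable
# are hypothetical; run as root against the real iptables.
IPT=${IPT:-iptables}

# Rule specification from the page; the target may be DROP or REJECT.
ping_rule() { echo "INPUT -p icmp --icmp-type echo-request -j ${1:-DROP}"; }

# Append the rule only if an identical one is not already present.
# iptables -C exits 0 when a matching rule exists.
block_ping() {
    target=${1:-DROP}
    # Word splitting of the rule specification is intended here.
    if $IPT -C $(ping_rule "$target") 2>/dev/null; then
        echo "already-blocked"
    else
        $IPT -A $(ping_rule "$target") && echo "blocked"
    fi
}

# Delete every copy of the rule and print how many were removed.
# Other rules in the chain are left untouched, unlike iptables -F.
unblock_ping() {
    target=${1:-DROP}
    removed=0
    while $IPT -C $(ping_rule "$target") 2>/dev/null; do
        $IPT -D $(ping_rule "$target") || return 1
        removed=$((removed + 1))
    done
    echo "$removed"
}
```

For example, block_ping REJECT followed later by unblock_ping REJECT restores the chain to its earlier state even if the rule had been appended several times by hand.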

Conclusion

In this article, we went through the method of disabling and enabling PING using kernel parameters and iptables in a Linux Mint 20 system. The kernel parameters allowed users to save the settings either permanently or temporarily. We discussed the installation of iptables and then went through the method of disabling PING with suitable examples. We then saw the method to unblock PING from iptables. Finally, we checked how to remove and delete the rules, whether they are custom or act as a blocker for the system.

How to block or unblock PING requests in Ubuntu
Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.