Linux – How to Disable Ping Response (ICMP Echo) Permanently

icmpping

I want to disable ping response all the time on my Ubuntu operating system, the following commands work but only until the system reboots:

Ping off:

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

Ping on:

echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

How would I be able to leave echo off even after having rebooted my laptop?

Best Answer

How would I be able to leave echo off even when I am rebooting my laptop?

You can use one of the following three ways (as root):

Edit `/etc/sysctl.conf`

Add the following line to your /etc/sysctl.conf:

net.ipv4.icmp_echo_ignore_all=1

Then:

sysctl -p

Using iptables:

iptables -I INPUT -p icmp --icmp-type echo-request -j DROP

With cron

Run crontab -e as root, then add the following line:

@reboot echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

Start and enable the service:

systemctl start cron.service
systemctl enable cron.service

Related Solutions

Networking – How to Ping Multiple IP Addresses Simultaneously

If you look into the NMAP project you'll find that it includes additional tools on top of just nmap. One of these tools is nping, which includes the following ability:

Nping has a very flexible and powerful command-line interface that grants users full control over generated packets. Nping's features include:

Custom TCP, UDP, ICMP and ARP packet generation.

Support for multiple target host specification.

Support for multiple target port specification.

...

nping is in the standard EPEL repos to boot.

$ repoquery -qlf nmap.x86_64 | grep nping
/usr/bin/nping
/usr/share/man/man1/nping.1.gz

Usage

To ping multiple servers you merely have to tell nping the names/IPs and which protocol you want to use. Here since we want to mimic what the traditional ping CLI does we'll use ICMP.

$ sudo nping -c 2 --icmp scanme.nmap.org google.com

Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-06-14 13:43 EDT
SENT (0.0088s) ICMP [10.3.144.95 > 45.33.32.156 Echo request (type=8/code=0) id=42074 seq=1] IP [ttl=64 id=57921 iplen=28 ]
RCVD (0.0950s) ICMP [45.33.32.156 > 10.3.144.95 Echo reply (type=0/code=0) id=42074 seq=1] IP [ttl=46 id=24195 iplen=28 ]
SENT (1.0091s) ICMP [10.3.144.95 > 45.33.32.156 Echo request (type=8/code=0) id=42074 seq=2] IP [ttl=64 id=57921 iplen=28 ]
SENT (2.0105s) ICMP [10.3.144.95 > 45.33.32.156 Echo request (type=8/code=0) id=42074 seq=2] IP [ttl=64 id=57921 iplen=28 ]
RCVD (2.0107s) ICMP [45.33.32.156 > 10.3.144.95 Echo reply (type=0/code=0) id=42074 seq=2] IP [ttl=46 id=24465 iplen=28 ]
SENT (3.0138s) ICMP [10.3.144.95 > 64.233.177.100 Echo request (type=8/code=0) id=49169 seq=2] IP [ttl=64 id=57921 iplen=28 ]

Statistics for host scanme.nmap.org (45.33.32.156):
 |  Probes Sent: 2 | Rcvd: 2 | Lost: 0  (0.00%)
 |_ Max rtt: 86.053ms | Min rtt: 0.188ms | Avg rtt: 43.120ms
Statistics for host google.com (64.233.177.100):
 |  Probes Sent: 2 | Rcvd: 0 | Lost: 2  (100.00%)
 |_ Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Raw packets sent: 4 (112B) | Rcvd: 2 (108B) | Lost: 2 (50.00%)
Nping done: 2 IP addresses pinged in 3.01 seconds

The only drawback I've found with this tool is the use of ICMP mode requiring root privileges.

$ nping -c 2 --icmp scanme.nmap.org google.com
Mode ICMP requires root privileges.