How can I block ping requests with IPTables?
And stealth specific ports?
Solution 1:
To deny responses to ping requests, add the following iptables rules:
iptables -A OUTPUT -p icmp -o eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp -i eth0 -j DROP
Solution 2:
I believe
iptables -I INPUT -p icmp --icmp-type 8 -j DROP
should do the trick.
For IPv6 you would need something like
ip6tables -I INPUT -p icmpv6 --icmpv6-type 128 -j DROP
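Solution 1 appends its rules with -A and Solution 2 inserts with -I; because iptables stops at the first matching rule, the position of the DROP decides whether it ever fires. The following is an added example, not part of either answer: a small checker that reads `iptables -S INPUT` style output and reports the first-match verdict for an inbound echo-request. The function name and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original answers).
# Reads `iptables -S INPUT` style lines on stdin and prints the first-match
# verdict for an inbound ICMP echo-request (type 8).
# Assumption: only -p and --icmp-type are evaluated; other matches (-i, -s,
# -m state, negation with "!") are ignored and treated as matching.
echo_request_verdict() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; itype = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--icmp-type") itype = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "" && proto != "icmp" && proto != "all") next
        if (itype != "" && itype != "8" && itype != "8/0" &&
            itype != "echo-request" && itype != "any") next
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        print target " (line " NR ": " $0 ")"; found = 1; exit
    }
    END {
        if (!found) {
            if (policy == "") policy = "ACCEPT"   # assumed built-in default
            print policy " (chain policy)"
        }
    }'
}

# Constructed listings. APPENDED: the echo-request DROP was added with -A
# behind an existing blanket ICMP ACCEPT. INSERTED: the same rule added with -I.
APPENDED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP'
INSERTED='-P INPUT ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT'

for rules in "$APPENDED" "$INSERTED"; do
    printf '%s\n' "$rules" | echo_request_verdict
done
```

On a live host, feed it the output of `iptables -S INPUT` (run as root) instead of the sample variables.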
Solution 3:
The simplest method of disabling ping responses is to add an entry to the /etc/sysctl.conf file. If iptables is flushed or stopped, the server will start responding to ping requests again. I suggest the following entry in your /etc/sysctl.conf file:
net.ipv4.icmp_echo_ignore_all = 1
This will tell the kernel not to respond to any ping request. After this, run sysctl -p in the shell to apply the changes without a reboot.
For more info, please refer to: http://www.trickylinux.net/disable-ping-response-linux/