How can I block ping requests with IPTables?

and stealth specific ports?


Solution 1:

To deny responses to ping requests, add the following iptables rules:

iptables -A OUTPUT -p icmp -o eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -s 0/0 -i eth0 -j ACCEPT
iptables -A INPUT -p icmp -i eth0 -j DROP

Solution 2:

I believe iptables -I INPUT -p icmp --icmp-type 8 -j DROP should do the trick.

For IPv6 you would need something like ip6tables -I INPUT -p icmpv6 --icmpv6-type 128 -j DROP.

Solution 3:

The simplest method of disabling ping responses is to add an entry to the /etc/sysctl.conf file. If iptables is flushed or stopped, the server will start responding to ping requests again. I suggest the following entry in your /etc/sysctl.conf file:

net.ipv4.icmp_echo_ignore_all = 1

This tells the kernel not to respond to any ping request. After this, run sysctl -p in a shell to apply the change without a reboot.

For more info, please refer to: http://www.trickylinux.net/disable-ping-response-linux/
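The three answers describe two different mechanisms (a netfilter rule versus the kernel sysctl), and Solution 3 points out that the rule-based one silently disappears if the ruleset is flushed. The audit script below is an added example, not code from any of the answers: it checks both mechanisms from text on stdin (a saved sysctl.conf and the output of iptables -S / ip6tables -S), so it runs without root and can be pointed at real files on a host. The sample inputs at the bottom are constructed; the ICMP type numbers (8 for IPv4 echo-request, 128 for ICMPv6) and the --icmp-type / --icmpv6-type option names are the real ones.

```shell
#!/bin/sh
# Added example (not from the answers above): audit whether pings are ignored
# via the sysctl from Solution 3 and/or a netfilter rule as in Solutions 1 and 2.
# Both functions read text on stdin, so they work on saved copies of
# /etc/sysctl.conf and `iptables -S INPUT` / `ip6tables -S INPUT` output.

# Returns 0 if the sysctl.conf text on stdin sets net.ipv4.icmp_echo_ignore_all
# to 1. Comment lines (# or ;) are skipped and, as with sysctl itself, the last
# assignment of the key wins.
sysctl_ping_ignored() {
  awk -F'=' '
    /^[[:space:]]*[#;]/ { next }
    {
      key = $1; val = $2
      gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val)
      if (key == "net.ipv4.icmp_echo_ignore_all") last = val
    }
    END { if (last == "1") exit 0; exit 1 }
  '
}

# Returns 0 if the iptables -S / ip6tables -S output on stdin has an INPUT rule
# that drops or rejects echo requests. IPv4 uses --icmp-type 8 (echo-request);
# IPv6 uses a different option name and type: --icmpv6-type 128.
ruleset_drops_echo_request() {
  grep -Eq -- '^-A INPUT .*(--icmp-type (8|echo-request)|--icmpv6-type (128|echo-request)).* -j (DROP|REJECT)'
}

# Constructed sample inputs for a stand-alone run.
SAMPLE_SYSCTL='# /etc/sysctl.conf (constructed sample)
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_all = 1'

SAMPLE_V4_RULES='-P INPUT ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP'

SAMPLE_V6_RULES='-P INPUT ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j DROP'

if printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_ping_ignored; then
  echo "sysctl: ping requests ignored (survives an iptables flush)"
else
  echo "sysctl: ping requests answered"
fi

for fam in V4 V6; do
  eval "rules=\$SAMPLE_${fam}_RULES"
  if printf '%s\n' "$rules" | ruleset_drops_echo_request; then
    echo "$fam ruleset: echo-request dropped"
  else
    echo "$fam ruleset: echo-request not filtered"
  fi
done
```

On a live host, replace the samples with `sysctl_ping_ignored < /etc/sysctl.conf` and `iptables -S INPUT | ruleset_drops_echo_request` (run as root for the latter). Note that the sysctl check only tells you what the file says; compare it with `sysctl net.ipv4.icmp_echo_ignore_all` to see what the running kernel actually has.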