The other day, while setting up a Linux server, I realized it was time to block Ping (ICMP requests) for security reasons. You might be wondering why disable something as basic as Ping?

Well, although Ping is super useful for checking connectivity, it can also be misused in DDoS attacks or to scan networks and identify live hosts. So, in this post, I’ll walk you through a few simple methods I used to block Ping on my Linux servers across different distros.

Why Block Ping?

Ping sends ICMP echo requests to see if a server is up and responding. But guess what? That means anyone on the internet can check if your server is live unless you stop it.

For some basic security hardening (especially on public-facing servers), disabling Ping is a solid first step.

Methods to Block Ping in Linux

Depending on the server and distribution, several different techniques can be used. Here’s how it can be done:

1. Using iptables

One easy way to block ICMP requests is with a simple iptables rule like this:

iptables -A INPUT --proto icmp -j DROP

This rule drops any Ping requests coming into the server. It’s easy and effective.

Note: iptables is usually pre-installed on most Linux systems.

2. Blocking Ping Temporarily (Kernel Method)

For temporary blocking without persisting after a reboot:

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

This tells the Linux kernel to ignore all ICMP echo requests but only until the next reboot.

3. Making It Permanent with sysctl

To make the change persistent, add the following to /etc/sysctl.conf:

echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf sysctl -p

Simple enough and it sticks after a restart.

4. Blocking Ping with UFW (on Ubuntu/Debian)

On Ubuntu or Debian systems with UFW enabled, add this rule to /etc/ufw/before.rules:

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Then reload UFW:

ufw disable && ufw enable

This effectively blocks ping requests.

5. Disabling Ping in CentOS/RHEL with Firewalld

On CentOS or Red Hat systems using Firewalld, the following command blocks ICMP types:

firewall-cmd --zone=public --remove-icmp-block={echo-request,echo-reply,timestamp-reply,timestamp-request} --permanent firewall-cmd --reload

This disables ping functionality using Firewalld.

Try it out, and let me know if you run into any issues. Drop a comment below!

Network   Security   Linux
Related Posts:

14 Essential SSH Security Hardening Steps for Linux Servers

How to Set Up SSH Key-Based Authentication in Linux

SSH into Raspberry Pi Zero over USB

Save, Load and Transfer Docker Images Easily