« August 2012 | Main | December 2012 »

September 07, 2012

iptables: method to simply block Ping requests...

Sometimes a system administrator would simply like to block out all incoming ping requests - issue the following command in order to adjust iptables for this functionality:

/sbin/iptables -I INPUT -j DROP -p icmp --icmp-type echo-request

(this reads drop all input of protocol type icmp, specifically echo-request).

Then to drop the rule, simply obtain the index number of the iptables rule:


/sbin/iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 DROP icmp -- anywhere anywhere icmp echo-request

(the block ICMP request in number 1)

Drop the entry:

/sbin/iptables -D INPUT 1

Posted by cdgrieb at 09:31 AM | Comments (0)