How to Block Ping ICMP Requests to Linux Systems

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

5 Responses

  1. Matei Cezar says:

    The guide just shows how you can disable ICMP for certain cases, but not implies that you must disable it.

  2. Anders Lowinger says:

    This is just a BAD recommendation. You should not block ICMP, it disables Path MTU discovery which gives poor performance for people on links with less than 1500 bytes MTU. PPPoE is one such link.

    If you want to filter, rate limit ICMP to 10 packets/sek or similar.

  3. Out says:

    What the stupid thing to remove icmp protocol. This move not security improve, but networking maybe slow down (to this host).

  4. Jonix says:

    Also, before adding the solution in /etc/sysctl.conf, check that file for eventual other places the definitions are/is set (on my system it was in /usr/lib/sysctl.d/50-default.conf )

  5. Jonix says:

    If you just want to block ICMP-“scans” (ICMP redirect, ping the whole network), the file solution could be good to do with the file /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.