How to allow/block PING on Linux server – IPTables rules for
April 9th, 2014

'ping' is a command-line tool that checks whether a host is reachable. It talks ICMP (Internet Control Message Protocol), so ping can be allowed or blocked on a Linux server by filtering ICMP with iptables.

Required iptables switches

The following switches are used to create a rule for managing ICMP:

    -A : append a rule to a chain
    -D : delete a rule from a chain
    -p : specify the protocol (here 'icmp')
    --icmp-type : specify the ICMP type
    -j : jump to a target (ACCEPT, DROP or REJECT)

Commonly used ICMP types; ping uses exactly these two:

    echo-request : type 8 (the packet ping sends)
    echo-reply   : type 0 (the packet the pinged host sends back)

Here I am explaining some examples.

How to block PING to your server with an error message?

This partially blocks ping: the sender is told the request was refused with the error message 'Destination Port Unreachable'. Add the following rule, using REJECT as the target (iptables REJECT answers with an ICMP port-unreachable message by default):

    iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT

Example, pinging the server afterwards:

    [root@support ~]# ping 109.200.11.67
    PING 109.200.11.67 (109.200.11.67) 56(84) bytes of data.
    From 109.200.11.67 icmp_seq=1 Destination Port Unreachable
    From 109.200.11.67 icmp_seq=2 Destination Port Unreachable
    From 109.200.11.67 icmp_seq=3 Destination Port Unreachable

Note that REJECT still confirms to the sender that the host is up and filtering; DROP (below) gives it nothing at all.

To block without any message, use DROP as the target. Dropping the incoming echo-request on INPUT is sufficient on its own; the OUTPUT rule on echo-reply is belt and braces, since no reply is generated for a request that never arrived:

    iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
    iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

Allow ping from outside to inside:

    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

How to block PING from your server to the world?

This blocks ping from your server to outside hosts. Add these rules to your iptables to do the same.

Block ping with the message 'Operation not permitted'. A packet generated locally and dropped in the OUTPUT chain makes ping's send system call fail with EPERM, which ping reports as 'Operation not permitted':

    iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

Example:

    root@test [~]# ping google.com
    PING google.com (173.194.34.136) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted

To block without any error message, let the echo-request leave and DROP the returning echo-reply in the INPUT chain instead. Do not keep the OUTPUT rule above at the same time: as the example shows, dropping in OUTPUT always produces 'Operation not permitted'. With only the INPUT rule, ping prints nothing and reports 100% packet loss:

    iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP

Allow ping from inside to outside:

    iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

You can use the numeric ICMP type instead of the name when adding a rule, for example '--icmp-type 8' instead of '--icmp-type echo-request'; this is also how 'iptables -S' displays the rules.

Two things to check before trusting any of these rules. First, -A appends to the end of the chain and iptables stops at the first matching rule, so a DROP or REJECT appended after an existing rule such as '-A INPUT -p icmp -j ACCEPT' never fires; insert it at the top with -I instead of -A, or remove the earlier rule with -D, and verify the order with 'iptables -S INPUT'. Second, only echo-request and echo-reply are filtered here; blocking ICMP wholesale would also discard the error messages that path MTU discovery depends on. The rules above are IPv4 only and are lost on reboot unless saved; ping over IPv6 uses ICMPv6 and is filtered separately with ip6tables (-p icmpv6 --icmpv6-type echo-request).

That's it. Try this and let me know your feedback.

Reference: http://crybit.com/iptables-rules-for-icmp/
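The rule-ordering check described above, as an added example that is not part of the original post: a POSIX shell function that takes the INPUT chain in 'iptables -S INPUT' format and reports the verdict the first matching rule gives an inbound echo-request, or the chain policy if no rule matches. The helper name and the three chain dumps are constructed for this demonstration, not captured from a real host. Rules carrying matches the function does not model (-s, -i, -m conntrack and the like) are reported as CONDITIONAL rather than guessed at, and the numeric '--icmp-type 8' form that 'iptables -S' prints is accepted alongside the name.

```shell
#!/bin/sh
# Added example: report the verdict an inbound ICMP echo-request gets from the
# INPUT chain, given the chain in `iptables -S INPUT` format. iptables takes the
# first matching rule, so a DROP appended after a broad ACCEPT never fires.
# ping_verdict is a hypothetical helper, not part of iptables; the sample chains
# below are constructed for the demonstration.

ping_verdict() {
    # $1: text of `iptables -S INPUT`, one rule per line
    printf '%s\n' "$1" | awk '
        /^-P INPUT / { policy = $3; next }
        /^-A INPUT / {
            proto = ""; type = ""; target = ""; cond = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")                            { proto  = $(i + 1); i++ }
                else if ($i == "--icmp-type")              { type   = $(i + 1); i++ }
                else if ($i == "-j")                       { target = $(i + 1); i++ }
                else if ($i == "-m" && $(i + 1) == "icmp") { i++ }        # implied by --icmp-type
                else if ($i == "--reject-with")            { i++ }        # REJECT option, not a match
                else                                       { cond = 1 }   # -s, -i, -m conntrack, "!", ...
            }
            if (target == "") next                                        # counter-only rule, no verdict
            if (proto != "" && proto != "icmp") next                      # other protocol cannot match
            if (type != "" && type != "8" && type != "echo-request") next # other ICMP type cannot match
            if (cond) { print "CONDITIONAL: " $0 } else { print target }
            found = 1; exit
        }
        END { if (!found) print "POLICY " policy }
    '
}

# Constructed chain 1: the ordering mistake. The DROP was appended with -A
# behind an earlier catch-all ICMP ACCEPT, so ping still gets through.
CHAIN_APPENDED='-P INPUT ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP'

# Constructed chain 2: the REJECT inserted at the top with -I, shown the way
# `iptables -S` prints it (numeric type, explicit --reject-with).
CHAIN_INSERTED='-P INPUT ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p icmp -j ACCEPT'

# Constructed chain 3: no ICMP rule at all, so the chain policy decides.
CHAIN_POLICY='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

echo "appended DROP   -> $(ping_verdict "$CHAIN_APPENDED")"   # ACCEPT
echo "inserted REJECT -> $(ping_verdict "$CHAIN_INSERTED")"   # REJECT
echo "no rule, policy -> $(ping_verdict "$CHAIN_POLICY")"     # POLICY DROP

# Live check on a real host (needs root and iptables):
#   ping_verdict "$(iptables -S INPUT)"
```

The CONDITIONAL result is deliberate: a rule restricted by source address or interface may or may not match a given probe, and the honest answer is to show the rule rather than pick a verdict. Run the live check after every change to the chain; if the first line it prints is not the target you intended, the rule you just added is sitting behind one that already matches.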
