To disable the PING response, add the following line to your init script for the network:
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
To reenable the PING response do this:
echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all
To make the change PERMANENT add the following line to /etc/sysctl.conf:
net.ipv4.icmp_echo_ignore_all=1
and execute this command:
sysctl -p
It is better to use a firewall for these purposes, so that you can optionally enable ping from some systems, especially monitoring systems:
iptables -t filter -I INPUT 1 -p icmp --icmp-type echo-request -s monitoring_system -j ACCEPT
iptables -t filter -I INPUT 2 -p icmp --icmp-type echo-request -j DROP
Just in case it's not obvious to iptables newbies, replace "monitoring_system" with the IP/range of the server(s) which should be able to ping the server. All other ping requests will be silently dropped.
–
Liu Lantao
College of Information Science and Technology, Beijing Normal University
EMAIL: liulantao ( at ) gmail ( dot ) com ;
WEBSITE: http://www.liulantao.com/ .
——
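iptables acts on the first rule that matches, so the ACCEPT for the monitoring system only works while it sits above the DROP. The script below is an added example, not part of the original post: it walks `iptables -S INPUT` output in order and reports what happens to an echo-request from a given source. The function names and the sample rule sets (192.0.2.10 stands in for the monitoring system) are constructed for illustration.

```shell
#!/bin/sh
# Added example: first-match verdict for an ICMP echo-request from SRC, read
# from `iptables -S INPUT` text on stdin. Models only -s, -p, --icmp-type, -j.
ip2int() (   # dotted quad -> integer
    IFS=.; set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)
in_cidr() (  # in_cidr ADDR NET[/BITS]
    net=${2%/*}; bits=32; mask=0
    case $2 in */*) bits=${2#*/} ;; esac
    [ "$bits" -gt 0 ] && mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
)
ping_verdict() (  # ping_verdict SRC < rules
    set -f; src=$1; policy=ACCEPT
    while read -r line; do
        set -- $line
        if [ "$1" = -P ] && [ "$2" = INPUT ]; then policy=$3; continue; fi
        [ "$1" = -A ] && [ "$2" = INPUT ] || continue
        shift 2; match=1; other=0; target=
        while [ $# -gt 0 ]; do
            case $1 in
                -s) in_cidr "$src" "$2" || match=0; shift ;;
                -p) [ "$2" = icmp ] || match=0; shift ;;
                --icmp-type) case $2 in 8|8/0|echo-request) ;; *) match=0 ;; esac; shift ;;
                -j) target=$2; break ;;  # anything after the target is a target option
                -m) shift ;;             # "-m icmp" only loads the match module
                *) other=1 ;;            # option this sketch does not model
            esac
            shift
        done
        [ "$match" -eq 1 ] || continue
        case "$target" in
            ACCEPT|DROP|REJECT) [ "$other" -eq 0 ] || target=UNKNOWN; echo "$target"; exit 0 ;;
            LOG|"") ;;                  # non-terminating, keep walking
            *) echo UNKNOWN; exit 0 ;;  # jump to a chain not modelled here
        esac
    done
    echo "$policy"                      # no rule matched: chain policy applies
)
# Constructed rule sets in the format `iptables -S INPUT` prints.
GOOD='-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP'
BAD='-P INPUT ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -s 192.0.2.10/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT'
for rs in "$GOOD" "$BAD"; do printf '%s\n' "$rs" | ping_verdict 192.0.2.10; done
```

On a live host, run `iptables -S INPUT | ping_verdict <address>` as root; an `UNKNOWN` result means the deciding rule uses a match the script does not model and needs to be read by hand.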