How to block/drop ping requests to a linux/solaris server ?
In this article, I will show you how to block/drop ping requests made to your linux or solaris server. However mostly we spanfer to drop these ping requests (or icmp/echo request) packets at the network level but if you don’t have access to your router/switches and want to have this setting at OS level then we can do it.
Whether we talk about linux or solaris, both provides an easy way to accomplish this, by simply modifying a kernel parameter. Now let us see how to do this in linux first.
Step 1: Open /etc/sysctl.conf file on your linux server and add below entries to the file:
# net.ipv4.icmp_echo_ignore_broadcasts = 1
# net.ipv4.icmp_echo_ignore_all = 1
These are the kernel parameters that instructs our Linux OS to drop icmp echo request packet i.e. ping request packet and do not send the reply packet in response. By making entry in the file these changes will persists the reboot. If you want to have temporarily drop icmp echo request packets then you can use “sysctl –w” command to update kernel parameters.
Step 2: Now we need to run below command to update our kernel parameters at run time in linux.
# sysctl –p
Similarly we can drop these ping request packets on our Solaris box by modifying the kernel pamater. However there is a slight difference which lies how to update and which parameter to update in a Solaris box. We can simply do this by a single command like below.
# ndd -set /dev/ip ip_respond_to_echo_broadcast 0
We can make these changes permanent by adding this command in any system startup script like /etc/profile /etc/bashrc, or any other file of your rc level.
I hope this adds something to your part as linux or unix system admin and you can now block icmp echo request packets to your server and can save it from heavy load of these requests.