Restrict to ping pc from remote PC












2















How to restrict to ping my PC from any remote PC ? Is there any method for doing that.my PC is out of firewall , though I want to stop ping to my PC from outside. Can I do that ? if YES then how ? I am using Ubuntu 16.04.










share|improve this question

























  • A firewall should help.

    – George Udosen
    Jan 3 '17 at 13:23
















2















How to restrict to ping my PC from any remote PC ? Is there any method for doing that.my PC is out of firewall , though I want to stop ping to my PC from outside. Can I do that ? if YES then how ? I am using Ubuntu 16.04.










share|improve this question

























  • A firewall should help.

    – George Udosen
    Jan 3 '17 at 13:23














2












2








2


1






How to restrict to ping my PC from any remote PC ? Is there any method for doing that.my PC is out of firewall , though I want to stop ping to my PC from outside. Can I do that ? if YES then how ? I am using Ubuntu 16.04.










share|improve this question
















How to restrict to ping my PC from any remote PC ? Is there any method for doing that.my PC is out of firewall , though I want to stop ping to my PC from outside. Can I do that ? if YES then how ? I am using Ubuntu 16.04.







16.04






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 7 hours ago









Codito ergo sum

1,3482725




1,3482725










asked Jan 3 '17 at 12:58









Avani badhekaAvani badheka

1,0014927




1,0014927













  • A firewall should help.

    – George Udosen
    Jan 3 '17 at 13:23



















  • A firewall should help.

    – George Udosen
    Jan 3 '17 at 13:23

















A firewall should help.

– George Udosen
Jan 3 '17 at 13:23





A firewall should help.

– George Udosen
Jan 3 '17 at 13:23










1 Answer
1






active

oldest

votes


















4














Its possible with the following methods:





  1. Setup kernel variable to drop all ping packets (temporary):



    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

    This instructs the kernel to simply ignore all ping
    requests (ICMP type 0 messages)




    • To re-enable:



      echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all





  2. Add following line to /etc/sysctl.conf file, append this line (permanent solution to step one):



    net.ipv4.icmp_echo_ignore_all = 1

    Reload with sysctl -p



  3. Use iptables by setting the ICMP (Internet Control Message Protocol):





    • Add these lines:



      iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

      OR

      iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP





  4. If using firewalld:





    • Check ICMP types available



      firewall-cmd --get-icmptypes



    • We are after echo-reply, so apply block



      firewall-cmd --zone=public --add-icmp-block=echo-reply





Sources:



https://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html



https://www.cyberciti.biz/faq/howto-drop-block-all-ping-packets/



https://crybit.com/iptables-rules-for-icmp/



http://www.tecmint.com/firewalld-rules-for-centos-7/2/






share|improve this answer

























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f867456%2frestrict-to-ping-pc-from-remote-pc%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    4














    Its possible with the following methods:





    1. Setup kernel variable to drop all ping packets (temporary):



      echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

      This instructs the kernel to simply ignore all ping
      requests (ICMP type 0 messages)




      • To re-enable:



        echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all





    2. Add following line to /etc/sysctl.conf file, append this line (permanent solution to step one):



      net.ipv4.icmp_echo_ignore_all = 1

      Reload with sysctl -p



    3. Use iptables by setting the ICMP (Internet Control Message Protocol):





      • Add these lines:



        iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

        OR

        iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP





    4. If using firewalld:





      • Check ICMP types available



        firewall-cmd --get-icmptypes



      • We are after echo-reply, so apply block



        firewall-cmd --zone=public --add-icmp-block=echo-reply





    Sources:



    https://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html



    https://www.cyberciti.biz/faq/howto-drop-block-all-ping-packets/



    https://crybit.com/iptables-rules-for-icmp/



    http://www.tecmint.com/firewalld-rules-for-centos-7/2/






    share|improve this answer






























      4














      Its possible with the following methods:





      1. Setup kernel variable to drop all ping packets (temporary):



        echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

        This instructs the kernel to simply ignore all ping
        requests (ICMP type 0 messages)




        • To re-enable:



          echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all





      2. Add following line to /etc/sysctl.conf file, append this line (permanent solution to step one):



        net.ipv4.icmp_echo_ignore_all = 1

        Reload with sysctl -p



      3. Use iptables by setting the ICMP (Internet Control Message Protocol):





        • Add these lines:



          iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

          OR

          iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP





      4. If using firewalld:





        • Check ICMP types available



          firewall-cmd --get-icmptypes



        • We are after echo-reply, so apply block



          firewall-cmd --zone=public --add-icmp-block=echo-reply





      Sources:



      https://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html



      https://www.cyberciti.biz/faq/howto-drop-block-all-ping-packets/



      https://crybit.com/iptables-rules-for-icmp/



      http://www.tecmint.com/firewalld-rules-for-centos-7/2/






      share|improve this answer




























        4












        4








        4







        Its possible with the following methods:





        1. Setup kernel variable to drop all ping packets (temporary):



          echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

          This instructs the kernel to simply ignore all ping
          requests (ICMP type 0 messages)




          • To re-enable:



            echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all





        2. Add following line to /etc/sysctl.conf file, append this line (permanent solution to step one):



          net.ipv4.icmp_echo_ignore_all = 1

          Reload with sysctl -p



        3. Use iptables by setting the ICMP (Internet Control Message Protocol):





          • Add these lines:



            iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

            OR

            iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP





        4. If using firewalld:





          • Check ICMP types available



            firewall-cmd --get-icmptypes



          • We are after echo-reply, so apply block



            firewall-cmd --zone=public --add-icmp-block=echo-reply





        Sources:



        https://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html



        https://www.cyberciti.biz/faq/howto-drop-block-all-ping-packets/



        https://crybit.com/iptables-rules-for-icmp/



        http://www.tecmint.com/firewalld-rules-for-centos-7/2/






        share|improve this answer















        Its possible with the following methods:





        1. Setup kernel variable to drop all ping packets (temporary):



          echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

          This instructs the kernel to simply ignore all ping
          requests (ICMP type 0 messages)




          • To re-enable:



            echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all





        2. Add following line to /etc/sysctl.conf file, append this line (permanent solution to step one):



          net.ipv4.icmp_echo_ignore_all = 1

          Reload with sysctl -p



        3. Use iptables by setting the ICMP (Internet Control Message Protocol):





          • Add these lines:



            iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

            OR

            iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP





        4. If using firewalld:





          • Check ICMP types available



            firewall-cmd --get-icmptypes



          • We are after echo-reply, so apply block



            firewall-cmd --zone=public --add-icmp-block=echo-reply





        Sources:



        https://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html



        https://www.cyberciti.biz/faq/howto-drop-block-all-ping-packets/



        https://crybit.com/iptables-rules-for-icmp/



        http://www.tecmint.com/firewalld-rules-for-centos-7/2/







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jan 3 '17 at 15:09

























        answered Jan 3 '17 at 13:42









        George UdosenGeorge Udosen

        20.5k94467




        20.5k94467






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f867456%2frestrict-to-ping-pc-from-remote-pc%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            GameSpot

            日野市

            Tu-95轟炸機