[Reprint] Summary of how to disable ping on Windows & Linux servers

https://www.cnblogs.com/kerrycode/p/8043979.html

For the figures, see the original.

Sometimes when you ping a server or website, the ping fails. This is because the other side has disabled ping for security reasons, to avoid network congestion, or for other reasons. Besides its use in network diagnostics, ping also makes it convenient for network attackers to find potential targets; a system that does not respond to ping can reduce the security risk, for example from Ping Flood attacks (Ping of Death). The following summarizes some of the ways to disable ping on Linux and Windows.

Linux server

On Linux, ping can be disabled either through a kernel parameter or through the firewall. Let's first look at how to disable ping with the kernel parameter.

Disable ping via kernel parameter

To disable ping, you only need to set the kernel parameter icmp_echo_ignore_all. If this parameter is set to a non-zero value, Linux ignores all ICMP_ECHO request packets.

[root@DB-Server ~]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This command takes effect immediately. To enable ping again, set this parameter to 0.

[root@DB-Server ~]# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Of course, this setting only applies to the running system; after the server is rebooted, it is lost. To make it permanent, add the parameter net.ipv4.icmp_echo_ignore_all = 1 to the /etc/sysctl.conf configuration file, then run sysctl -p to bring it into force. You can also use the following commands to do this:

Block ICMP packets

echo net.ipv4.icmp_echo_ignore_all=1 >>/etc/sysctl.conf

Allow ICMP packets

echo net.ipv4.icmp_echo_ignore_all=0 >>/etc/sysctl.conf
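
Appending with >> adds a new line every time, so running both commands above leaves two conflicting entries, and the later one wins when sysctl -p applies the file. The following added example (not from the original article) keeps a single entry; the function names set_icmp_ignore and effective_icmp_ignore and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). set_icmp_ignore and
# effective_icmp_ignore are names made up for this sketch.
KEY=net.ipv4.icmp_echo_ignore_all

# effective_icmp_ignore [FILE]: print the value sysctl -p would end up with.
# Settings are applied top to bottom, so the last assignment wins.
effective_icmp_ignore() {
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 {
            rest = substr(line, length(key) + 1)
            if (sub(/^[ \t]*=[ \t]*/, "", rest)) { sub(/[ \t]+$/, "", rest); val = rest }
        }
        END { print val }
    ' "${1:-/etc/sysctl.conf}"
}

# set_icmp_ignore VALUE [FILE]: remove every existing assignment of KEY
# (comments and other keys are kept) and append exactly one new line.
set_icmp_ignore() {
    value=$1 file=${2:-/etc/sysctl.conf}
    case $value in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    tmp=$(mktemp) || return 1
    [ -e "$file" ] || : > "$file"
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 && substr(line, length(key) + 1) ~ /^[ \t]*=/ { next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$KEY" "$value" >> "$tmp"
    # Write back in place so the file keeps its owner and permissions.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed sample: a sysctl.conf after both ">>" commands from the
# article have been run on the same machine.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'net.ipv4.ip_forward = 0' "$KEY=1" "$KEY=0" > "$f"
    echo "before: $(effective_icmp_ignore "$f")"
    set_icmp_ignore 1 "$f"
    echo "after:  $(effective_icmp_ignore "$f")"
    rm -f "$f"
}
demo
```

Run sysctl -p afterwards, as described above, to apply the file to the running kernel.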

Disable ping via the firewall

Another way is to disable ping at the firewall level, using the following command:

# iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP

After executing the above command, an additional rule like the following appears in /etc/sysconfig/iptables. Then restart the firewall service with the command service iptables restart, and ping no longer works.

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

In my own testing I found that if /etc/sysconfig/iptables contains the rule below, the above command does not take effect. So after using the command, check the configuration file at the end.

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

Of course, you can also edit the iptables configuration file /etc/sysconfig/iptables directly:

# allow ping
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

# block ping
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j DROP

Note that firewall settings may differ between versions; I have only tested this on RHEL 5 and have not tested other platforms.
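
The configuration-file check recommended above, as an added example (not from the original article): iptables stops at the first matching rule, so this helper walks an iptables-save style file in rule order and reports which rule decides the fate of an echo request. The function name icmp_echo_verdict and the sample ruleset are constructed for illustration; rules that depend on an interface, a match module other than icmp, negation or a specific address are skipped as uncertain matches.

```shell
#!/bin/sh
# Added example (not from the original article). icmp_echo_verdict is a
# made-up helper; rules using -i/-o, -m <other than icmp>, "!" or a
# specific -s/-d are skipped because they are not a certain match.

# icmp_echo_verdict FILE [CHAIN]: print "VERDICT<TAB>deciding rule".
icmp_echo_verdict() {
    awk -v start="${2:-INPUT}" '
    function walk(chain,   i, res) {
        for (i = 1; i <= cnt[chain]; i++) {
            if (!ok[chain, i]) continue
            if (tgt[chain, i] ~ /^(ACCEPT|DROP|REJECT)$/) return tgt[chain, i] "\t" rule[chain, i]
            if ((tgt[chain, i] in cnt) && (res = walk(tgt[chain, i])) != "") return res
        }
        return ""
    }
    /^:/ { policy[substr($1, 2)] = $2 }
    $1 == "-A" {
        k = ++cnt[$2]; rule[$2, k] = $0; ok[$2, k] = 1
        for (i = 3; i < NF; i++) {
            a = $i; b = $(i + 1)
            if (a == "-j") tgt[$2, k] = b
            if ((a == "-p" && b !~ /^(icmp|all)$/) ||
                (a == "--icmp-type" && b !~ /^(8|8\/0|echo-request|any)$/) ||
                ((a == "-s" || a == "-d") && b !~ /^(0\/0|0\.0\.0\.0\/0)$/) ||
                (a == "-m" && b != "icmp") || a == "-i" || a == "-o" || a == "!")
                ok[$2, k] = 0
        }
    }
    END { v = walk(start); print (v != "" ? v : policy[start] "\t(chain policy)") }
    ' "$1"
}

# Constructed sample in RHEL 5 layout: the appended DROP sits in INPUT
# after the jump into RH-Firewall-1-INPUT, whose ACCEPT rule matches first.
demo() {
    icmp_echo_verdict - <<'EOF'
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
EOF
}
demo
```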

Windows Server

Block ping with the firewall

Taking Windows Server 2012 as an example (different operating systems may have some differences): after running the WF.MSC command, find the following rules under Inbound Rules in "Windows Firewall with Advanced Security":

File and Printer Sharing (Echo Request - ICMPv4-In)

File and Printer Sharing (Echo Request - ICMPv6-In)

Note that, as shown below, there may be multiple rules; the reason is IPv4 versus IPv6 and the different values of the Profile that follows (Private, Public, Domain).

As shown below, under Action choose "Block the connection". If the rule is not enabled, tick the "Enabled" option; the change takes effect after you click Apply. Also take care to select the IPv4 and IPv6 rules according to your actual situation.

Block ping on the server with an IP security policy

(The test environment is Windows Server 2012 R2.) Click Start → Administrative Tools → "Local Security Policy" to open the "Local Security Settings" dialog box. Right-click the "IP Security Policies on Local Computer" option on the left, click "Create IP Security Policy", and configure it step by step as shown below.

Name the IP filter "Disabled the Ping Security Policy"; the description can be "IP security policies to prevent PING". Then click the [Next] button.

Then click [Next]

Select Edit Properties

Once created, the security policy does not take effect immediately; it has to be "assigned" to make it work. In the right pane of the "Local Security Settings" dialog box, right-click the [Disabled Ping Security Policy] policy and run the "Assign" command to enable the policy. Overall, disabling ping at the firewall level is much more convenient and faster; disabling ping with an IP security policy feels very cumbersome.

The copyright of this article belongs to the author. Reprinting is welcome, but unless the author agrees otherwise, this statement must be retained and a link to the original must be given in a prominent position on the article page.

Origin www.cnblogs.com/jinanxiaolaohu/p/12320828.html