Recipe 2.15 Preventing pings

2.15.1 Problem

You don't want remote sites to receive responses if they ping you.

2.15.2 Solution

For iptables :

# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

For ipchains:

# ipchains -A input -p icmp --icmp-type echo-request -j DENY

2.15.3 Discussion

In this case, we use DROP and DENY instead of REJECT. If you're trying to hide from pings, then replying with a rejection kind of defeats the purpose, eh?

Don't make the mistake of dropping all ICMP messages, e.g.:

WRONG!! DON'T DO THIS!
# iptables -A INPUT -p icmp -j DROP

because pings are only one type of ICMP message, and you might not want to block all types. That being said, you might want to block some others, like redirects and source quench. List the available ICMP messages with:

$ iptables -p icmp -h
$ ipchains -h icmp

2.15.4 See Also

iptables(8), ipchains(8). The history of ping, by its author, is at http://ftp.arl.mil/~mike/ping.html.