I want to disable ping response all the time on my Ubuntu operating system, the following commands work but only until the system reboots:
Ping off:
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
Ping on:
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
How would I be able to leave echo off even after having rebooted my laptop?
How would I be able to leave echo off even when I am rebooting my laptop?
You can use one of the following three ways (as root):
/etc/sysctl.confAdd the following line to your /etc/sysctl.conf:
net.ipv4.icmp_echo_ignore_all=1
Then:
sysctl -p
iptables -I INPUT -p icmp --icmp-type echo-request -j DROP
Run crontab -e as root, then add the following line:
@reboot echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
Start and enable the service:
systemctl start cron.service
systemctl enable cron.service
Note that if you are using UFW and trying to apply the net.ipv4.icmp_echo_ignore_all setting in /etc/sysctl.conf, you may find that this does not have any effect after a reboot. In that case, have a look for the same setting in /etc/ufw/sysctl.conf and change it there.
In Debian-based Linux distributions that ship with UFW application firewall, you can block ICMP messages by adding the following rule to /etc/ufw/before.rules file:
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
