How to deny ICMP ping requests

[复制链接]
查看: 9164   回复: 3
发表于 2023-12-22 05:06:57 | 显示全部楼层 |阅读模式
Instructions
Update UFW rules
In order to deny any incoming ICMP ping requests we need to modify /etc/ufw/before.rules UFW’s configuration file. First, make a backup copy:

$ sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup
Next, open the file with root privileges using your favorite text editor and change:

FROM:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
TO:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Alternatively, use the below sed command to perform the change:

$ sudo sed -i '/ufw-before-input.*icmp/s/ACCEPT/DROP/g' /etc/ufw/before.rules
Enable Firewall
Enable UFW firewall using the following linux command:

$ sudo ufw enable
Alternatively, if your firewall is already enabled you can reload it with:

$ sudo ufw reload
回复

使用道具 举报

发表于 2023-12-22 05:07:14 | 显示全部楼层
不方便,自己都看不到
回复 支持 反对

使用道具 举报

发表于 2023-12-22 05:08:13 | 显示全部楼层
不方便,有没有被墙都不知道
回复 支持 反对

使用道具 举报

发表于 2023-12-22 05:08:22 | 显示全部楼层
okay,I zhi dao le.
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则