How to block ping (ICMP) requests using ufw

Posted by : on

Category : Infrastructure

Why would you want to read this article

I have a server where I deploy my applications. I’m using ufw (UncomplicatedFireWall) for firewall. I blocked everything except 2 ports: 443, 80. At some point I wanted to make my server unreachable for ping requests.

But whatever I tried it did not work, because ping underhood is using ICMP (Internet Control Message Protocol) echo requests.

In this article we are going to make our server block all ping requests, in case you need to do it.

Install UFW

The prerequisite for this is to have a ufw tool installed

sudo apt install ufw

Disable ping

Edit /etc/ufw/before.rules

Comment these lines (I’m using nano, but you also can use default vim)

# commenting the lines below to block ping requests (icmp protocol) by ufw

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT

So it becomes this:


Check it works

Let’s try to ensure ping request is still working before we restarted ufw:


Restart & Make sure it does not work

ufw reload

And then try ping request again:



Hope it helps. I am not sure what can be the reason to do it, I guess you have one.

Please subscribe to my social media to not miss updates.: Instagram, Telegram

I’m talking about life as a Software Engineer at Microsoft.

Besides that, my projects:

Symptoms Diary:


About Andrii Bui

Hi, my name is Andrii. I'm Software Engineer at Microsoft with 5 years of experience.