Why would you want to read this article
I have a server where I deploy my applications. I'm using ufw (Uncomplicated Firewall) as the firewall. I blocked everything except 2 ports: 443, 80. At some point I wanted to make my server unreachable for ping requests.
But whatever I tried, it did not work, because ping uses ICMP (Internet Control Message Protocol) echo requests under the hood.
In this article we are going to make our server block all ping requests, in case you need to do it.
Install UFW
The prerequisite for this is to have the ufw tool installed:
sudo apt install ufw
Disable ping
Edit /etc/ufw/before.rules
Comment out these lines (I'm using nano, but you can also use the default vim):
# commenting the lines below to block ping requests (icmp protocol) by ufw
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
So it becomes this:
Check it works
Let's confirm that ping requests still work before we restart ufw:
Restart & Make sure it does not work
ufw reload
And then try the ping request again:
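The edit from the "Disable ping" step can also be scripted. This is an added example, not the author's code: it narrows the change to the two echo-request rules, since those are the ones that answer ping, and assumes ufw's default incoming policy is deny. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): comment out only the echo-request rules.
# Assumes ufw's default incoming policy is deny, so unmatched pings get dropped.
ECHO_RULE='[[:space:]]*-A ufw-before-(input|forward) .*--icmp-type echo-request .*-j ACCEPT'

# Print how many echo-request ACCEPT rules are still active (uncommented).
count_active_echo_rules() {
    grep -Ec "^$ECHO_RULE" "$1" || true
}

# Comment the rules out in place; keep the first backup; safe to run twice.
disable_ping_rules() {
    rules_file=$1
    [ -f "$rules_file" ] || { echo "no such file: $rules_file" >&2; return 1; }
    [ -e "$rules_file.bak" ] || cp -p "$rules_file" "$rules_file.bak" || return 1
    tmp=$(mktemp) || return 1
    sed -E "s/^($ECHO_RULE.*)\$/# \\1/" "$rules_file" > "$tmp" && cat "$tmp" > "$rules_file"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample mirroring the ICMP section quoted in the article.
write_sample_rules() {
    cat > "$1" <<'EOF'
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# Demo on a throwaway copy of the sample, so nothing on the host is touched.
demo_dir=$(mktemp -d)
write_sample_rules "$demo_dir/before.rules"
disable_ping_rules "$demo_dir/before.rules"
echo "active echo-request rules left: $(count_active_echo_rules "$demo_dir/before.rules")"
grep -n 'echo-request' "$demo_dir/before.rules"
rm -rf "$demo_dir"
```

On a real host the target would be /etc/ufw/before.rules, edited as root and followed by ufw reload.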
Conclusion
Hope it helps. I am not sure what can be the reason to do it, I guess you have one.