WittCode💻

Blocking Pings

Learn how to block ICMP ping requests using iptables. We will also learn what a ping is and how to add and remove firewall rules.

Disclaimer

Note that blocking pings is not the best idea for security. Pings are a useful diagnostic tool and are rarely a very effective denial-of-service attack. This is more of a demonstration of what you can do with firewalls.

What is a Ping?

A ping is an ICMP echo request and echo reply exchange commonly used to test a network connection. Specifically, the client sends an ICMP echo request to a server and the server responds with an echo reply packet. Most operating systems come with the ping command.

ping -c 4 31.220.55.159

PING 31.220.55.159 (31.220.55.159): 56 data bytes
64 bytes from 31.220.55.159: icmp_seq=0 ttl=47 time=114.246 ms
64 bytes from 31.220.55.159: icmp_seq=1 ttl=47 time=118.267 ms
64 bytes from 31.220.55.159: icmp_seq=2 ttl=47 time=114.884 ms
64 bytes from 31.220.55.159: icmp_seq=3 ttl=47 time=113.687 ms

--- 31.220.55.159 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 113.687/115.271/118.267/1.781 ms

Here we are sending 4 ICMP echo request packets to 31.220.55.159. All 4 packets are transmitted and all 4 replies are received, so there is no packet loss.

Blocking Ping

Now let's create a firewall rule on this server to block these packets. A firewall is a network security device that monitors and controls network traffic. Firewalls are configured to follow a set of rules. Linux provides us with iptables, a command-line utility for managing firewall rules.

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

This command creates a firewall rule to block all incoming ICMP echo-request packets. Firewalls consist of a set of rules to control network traffic.

  • -A - Appends the rule to the end of the chain. A chain is a collection of rules.
  • INPUT - Specifies that this rule is for incoming packets, packets going to our server.
  • -p - Specifies the protocol. Can be one of tcp, udp, icmp, or all.
  • --icmp-type - Specifies the ICMP type. Here we are dropping all ICMP echo-request packets.
  • -j - The action taken if the packet matches the rule. DROP silently discards the packet without sending any response, so the address appears to be unoccupied.

Now when we re-run the ping command, notice how all packets are lost.

ping -c 4 31.220.55.159

PING 31.220.55.159 (31.220.55.159): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

--- 31.220.55.159 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss

Removing the Rule

If we decide we no longer want to block ping requests, we can remove the rule.

iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    DROP       icmp --  anywhere             anywhere             icmp echo-request

iptables -D INPUT 1

Here we delete the rule by using its line number.
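
Rule numbers shift whenever other rules are added or deleted, and running the -A command a second time appends a duplicate rule. The script below is an added example, not part of the original article: it adds the rule only when it is missing and removes it by rule specification instead of by line number. The function names are made up for illustration, and it assumes root privileges and an iptables version that supports -C.

```shell
#!/bin/sh
# Added example: idempotent block/unblock of ICMP echo requests.
# Function names (ipt_rule, ping_blocked, ...) are hypothetical helpers.

# Run iptables with the article's rule specification.
# $1 is the action: -C (check), -A (append) or -D (delete).
ipt_rule() {
    iptables "$1" INPUT -p icmp --icmp-type echo-request -j DROP
}

# Succeeds if the rule is already in the INPUT chain.
# -C only checks for a matching rule; it changes nothing.
ping_blocked() {
    ipt_rule -C 2>/dev/null
}

# Append the rule only if it is not already there, so repeated
# runs do not stack duplicate rules.
block_ping() {
    if ping_blocked; then
        echo "already blocked"
    else
        ipt_rule -A && echo "blocked"
    fi
}

# Delete by rule specification rather than by line number.
# -D removes one matching rule per call, so loop until none remain
# (this also cleans up duplicates left by repeated -A).
unblock_ping() {
    removed=0
    while ping_blocked; do
        ipt_rule -D || return 1
        removed=$((removed + 1))
    done
    echo "removed $removed rule(s)"
}

# Usage: ./ping-rule.sh block | unblock | status
case "${1:-}" in
    block)   block_ping ;;
    unblock) unblock_ping ;;
    status)  if ping_blocked; then echo "blocked"; else echo "not blocked"; fi ;;
esac
```

Rules added this way live only in the running kernel, so they are gone after a reboot unless saved with your distribution's persistence mechanism.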