Prerequisite
Install the kernel documentation package if you have not already.
$ yum install kernel-doc -y
The package contains several documentation files; you can list them all with 'rpm -ql kernel-doc'.
Test Before
$ ping 192.168.122.10
PING 192.168.122.10 (192.168.122.10) 56(84) bytes of data.
64 bytes from 192.168.122.10: icmp_seq=1 ttl=64 time=0.171 ms
Ok. The machine is responding to ping.
Set Kernel Parameter to Ignore Ping (ICMP echo) Request
Now use the kernel configuration tool, sysctl, to first list all parameters whose names contain icmp.
$ sysctl -a | grep icmp
net.netfilter.nf_conntrack_icmpv6_timeout = 30
net.netfilter.nf_conntrack_icmp_timeout = 30
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv6.icmp.ratelimit = 1000
To find out what each parameter does, read the kernel networking ip-sysctl documentation.
$ grep -A5 icmp /usr/share/doc/kernel-doc-*/Documentation/networking/ip-sysctl.txt
icmp_echo_ignore_all - BOOLEAN
If set non-zero, then the kernel will ignore all ICMP ECHO
requests sent to it.
Default: 0
...
Then set the kernel parameter.
$ sysctl -w net.ipv4.icmp_echo_ignore_all=1
Now ping the server again; you should not get any response.
To make the change permanent, append the setting to /etc/sysctl.conf.
$ echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
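An added example, not part of the original post: the append above adds another copy of the line each time it is re-run and leaves any earlier conflicting assignment in place, so this script sets the key exactly once in a sysctl.conf-style file and reports the value the file will yield. The function names persist_sysctl and configured_value and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Works on any file in
# sysctl.conf "key = value" syntax; run as root against /etc/sysctl.conf for real use.

# Print the value KEY ends up with once FILE is loaded (later assignments
# override earlier ones); prints nothing if KEY is not set in FILE.
configured_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { n = index($0, "="); if (!n) next
          name = substr($0, 1, n - 1); val = substr($0, n + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (name == key) last = val }
        END { if (last != "") print last }' "$1"
}

# Set KEY to VALUE in FILE exactly once: rewrite the first existing
# assignment, drop later duplicates, append if the key is absent.
persist_sysctl() {
    file=$1 key=$2 value=$3
    [ -e "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        { n = index($0, "=")
          name = n ? substr($0, 1, n - 1) : ""
          gsub(/^[ \t]+|[ \t]+$/, "", name)
          if (name == key) { if (!seen++) print key " = " value; next }
          print }
        END { if (!seen) print key " = " value }' "$file" > "$tmp" &&
    cat "$tmp" > "$file"      # overwrite in place: keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file (not a real /etc/sysctl.conf).
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.icmp_echo_ignore_all = 0' \
    'net.ipv4.icmp_echo_ignore_broadcasts = 1' > "$demo"
persist_sysctl "$demo" net.ipv4.icmp_echo_ignore_all 1
persist_sysctl "$demo" net.ipv4.icmp_echo_ignore_all 1   # second run changes nothing
cat "$demo"
rm -f "$demo"
```

After editing the real file, 'sysctl -p' loads it and 'sysctl net.ipv4.icmp_echo_ignore_all' shows the value in effect.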