CentOS 7: block ICMP packets

In a production environment, we need to disable ping on some servers.

Check the operating system version:

[root@vm_666 ~]# cat /etc/redhat-release

CentOS Linux release 7.3.1611 (Core)

[root@vm_666 ~]# sysctl net.ipv4.icmp_echo_ignore_all

net.ipv4.icmp_echo_ignore_all = 0

[root@vm_666 ~]# sysctl net.ipv4.icmp_echo_ignore_broadcasts

net.ipv4.icmp_echo_ignore_broadcasts = 1

After net.ipv4.icmp_echo_ignore_all is set to 1, the server no longer answers ping.

However, if you restart the server, it can be pinged again. In other words, the original configuration has been restored.

How do you make this setting persistent? Write it to the kernel parameter file.

[root@vm_666 ~]# echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf

[root@vm_666 ~]# sysctl -p

net.ipv4.icmp_echo_ignore_all = 1
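
An added example, not from the original post: appending with echo >> adds one more line every time it is run and leaves any earlier assignment in the file, so this sketch rewrites the file to hold exactly one assignment of the key. The function names persist_sysctl and persisted_value are hypothetical, and the demo runs on a constructed temporary file rather than /etc/sysctl.conf.

```shell
#!/bin/bash
# Added example, not from the original post.

# persist_sysctl FILE KEY VALUE  (hypothetical helper name)
# Leave exactly one active "KEY = VALUE" line in FILE, however often it runs.
persist_sysctl() {
    local file="$1" key="$2" value="$3" tmp pat
    tmp=$(mktemp) || return 1
    # Escape the dots so the key is matched literally by grep -E.
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')
    if [ -f "$file" ]; then
        # Keep every line except existing assignments of KEY.
        # grep exits 1 when nothing is left to print; that is not an error.
        grep -Ev "^[[:space:]]*${pat}[[:space:]]*=" "$file" > "$tmp" \
            || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # Write through the existing file so its owner, mode and SELinux
    # context are kept (mv of the temp file would replace them).
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# persisted_value FILE KEY  (hypothetical helper name)
# Print the value of the last active assignment of KEY, the one that wins
# when sysctl -p applies the file top to bottom. Exit 1 if KEY is not set.
persisted_value() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1 }
        END { if (found) print val; else exit 1 }
    ' "$1"
}

# Demo on a constructed file, not the real /etc/sysctl.conf.
demo=$(mktemp)
printf '%s\n' '# constructed sample' \
    'net.ipv4.icmp_echo_ignore_all = 0' \
    'net.ipv4.icmp_echo_ignore_broadcasts = 1' > "$demo"
persist_sysctl "$demo" net.ipv4.icmp_echo_ignore_all 1
persist_sysctl "$demo" net.ipv4.icmp_echo_ignore_all 1   # second run changes nothing
cat "$demo"
persisted_value "$demo" net.ipv4.icmp_echo_ignore_all
rm -f "$demo"
```

On a real host, run persist_sysctl as root against /etc/sysctl.conf and then apply the file with sysctl -p as the post does.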

 

The following firewalld rich rule also drops ping packets. Note that it matches all ICMP traffic, not only echo requests.

[root@vm_666 ~]# firewall-cmd --permanent --add-rich-rule='rule protocol value=icmp drop'

success

[root@vm_666 ~]# firewall-cmd --reload

success

Give it a try!
