How to Disable Ping Responses


Operating system environment: CentOS release 6.9 (Final)

Goal: stop the Linux system from answering ping

On the local server (IP: 101.132.79.69):

[[email protected] ~]# ping 113.195.210.151   # ping to the target server succeeds

PING 113.195.210.151 (113.195.210.151) 56(84) bytes of data.

64 bytes from 113.195.210.151: icmp_seq=1 ttl=52 time=21.6 ms

64 bytes from 113.195.210.151: icmp_seq=2 ttl=52 time=21.7 ms

64 bytes from 113.195.210.151: icmp_seq=3 ttl=52 time=21.6 ms

64 bytes from 113.195.210.151: icmp_seq=4 ttl=52 time=21.6 ms

--- 113.195.210.151 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3670ms

rtt min/avg/max/mdev = 21.630/21.660/21.724/0.110 ms


On the target server:

[[email protected] ~]# tail  -l  /etc/sysctl.conf

kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes

kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes

kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages

kernel.shmall = 4294967296

[[email protected] ~]# echo "net.ipv4.icmp_echo_ignore_all=1"  >>/etc/sysctl.conf

[[email protected] ~]# tail -l /etc/sysctl.conf                                  

# Controls the maximum size of a message, in bytes

kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes

kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages

kernel.shmall = 4294967296

net.ipv4.icmp_echo_ignore_all=1


[[email protected] ~]# sysctl  -p   # apply the settings in the file immediately

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

net.ipv4.icmp_echo_ignore_all = 1

 

[[email protected] ~]# ping 113.195.210.151       # the target server IP no longer answers ping

PING 113.195.210.151 (113.195.210.151) 56(84) bytes of data.


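Note: disabling ping entirely is not the best strategy, because we can no longer use ping to check the host ourselves. A better strategy is to use iptables so that only specific IPs are allowed to ping.

For example: allow intranet users to ping

iptables -t filter -I INPUT -p icmp --icmp-type 8 -i eth0 -s 10.0.0.0/24 -j ACCEPT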
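
For the allow-list approach to work on this host, the kernel must answer echo requests again and a DROP rule must follow the ACCEPT rule. The following is an added example, not part of the original post, that prints or applies the full sequence; the function names and the DRY_RUN variable are hypothetical, while eth0 and 10.0.0.0/24 are the post's values.

```sh
#!/bin/sh
# Added example, not from the original post. eth0 and 10.0.0.0/24 are the
# post's values; function names and DRY_RUN are hypothetical.

# Print, in order, the commands that limit ICMP echo-request to one range.
ping_allowlist_cmds() {
    iface="$1"
    cidr="$2"
    # Shape-check both values before they are placed on a command line.
    if ! printf '%s' "$cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo "invalid IPv4 CIDR: $cidr" >&2
        return 1
    fi
    if ! printf '%s' "$iface" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'; then
        echo "invalid interface name: $iface" >&2
        return 1
    fi
    # With icmp_echo_ignore_all=1 the kernel sends no reply even for packets
    # iptables accepts, so the sysctl from the post has to be turned off.
    echo "sysctl -w net.ipv4.icmp_echo_ignore_all=0"
    # Rule 1: accept echo-request (type 8) from the allowed range.
    echo "iptables -t filter -I INPUT 1 -i $iface -p icmp --icmp-type 8 -s $cidr -j ACCEPT"
    # Rule 2: drop every other echo-request; an ACCEPT alone blocks nobody.
    echo "iptables -t filter -I INPUT 2 -p icmp --icmp-type 8 -j DROP"
}

# Show the commands (default) or run them when DRY_RUN=0 (needs root).
apply_ping_allowlist() {
    cmds=$(ping_allowlist_cmds "$1" "$2") || return 1
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$cmds"
        return 0
    fi
    printf '%s\n' "$cmds" | while IFS= read -r cmd; do
        $cmd || exit 1   # validated tokens only; stop at the first failure
    done
}

apply_ping_allowlist eth0 10.0.0.0/24
```

To keep the result across reboots, the net.ipv4.icmp_echo_ignore_all=1 line in /etc/sysctl.conf also has to be removed or set to 0, and on CentOS 6 the iptables rules are kept only after `service iptables save`.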


