一,永久性关闭响应ping
查看默认是否允许ping:
[root@blog gsapi]# cat /proc/sys/net/ipv4/icmp_echo_ignore_all
0说明:(0表示允许,1表示禁止)
编辑sysctl.conf
[root@blog gsapi]# vi /etc/sysctl.conf增加一行:
# ignore ping
net.ipv4.icmp_echo_ignore_all = 1使生效:
[root@blog gsapi]# sysctl -p
...
net.ipv4.icmp_echo_ignore_all = 1测试效果:从其他机器上ping:
[lhdop@web ~]$ ping 8.40.7.17
PING 8.40.7.17 (8.40.7.17) 56(84) bytes of data.
^C
--- 8.40.7.17 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 191ms二,临时性关闭响应ping
如果机器重启会失效
默认允许ping:
[lhdop@blog ~]$ cat /proc/sys/net/ipv4/icmp_echo_ignore_all
0修改sysctl中的值
[root@blog ~]# sysctl -w net.ipv4.icmp_echo_ignore_all=1
net.ipv4.icmp_echo_ignore_all = 1查看效果:
[root@blog ~]# cat /proc/sys/net/ipv4/icmp_echo_ignore_all
1三,另外一个临时性办法:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all标签:ping,防火墙,echo,ignore,ipv4,linux,net,icmp From: https://www.cnblogs.com/architectforest/p/18388490