How can I block ping with the APF firewall?
You need to stop your server from responding to ICMP requests. Although "ping" uses a TCP/IP port, the protocol is ICMP, a network "control" protocol, and NOT TCP/UDP.
You have several options:
vi /etc/sysctl.conf
and add this directive:
Code:
net.ipv4.icmp_echo_ignore_all = 1
Save, close and restart iptables.
Now, you won't be able to ping external interfaces.
If you wish to block ping echo replies or requests, you can use one of these rules with iptables:
iptables -A INPUT -p icmp --icmp-type 8 -s SourceIPAddress -j DROP
OR
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP (to block incoming pings)
OR
iptables -A OUTPUT -p icmp -o eth0 -j DROP
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
which will drop all echo replies. Overall, you need to be very careful, as ping is needed by different services/networks.
Use at your own risk.
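A worked version of the iptables approach from the answer above, added here as an example and not taken from the original post or from APF itself. It generates the echo-request DROP rule for one interface, optionally preceded by an ACCEPT for a trusted monitoring host (so your own uptime checks keep working), and reads the kernel's icmp_echo_ignore_all state so you can confirm which method is actually in effect. The interface name eth0, the trusted address and the APPLY/IFACE/TRUSTED variables are assumptions for illustration; the rules are only printed unless APPLY=1 is set and the script runs as root. It deliberately leaves other ICMP types (destination-unreachable, time-exceeded) untouched, because dropping all ICMP on OUTPUT as in the last rule above also breaks path MTU discovery and traceroute.

```shell
#!/bin/sh
# Added example (not from the original post or from APF): build iptables rules
# that drop inbound ICMP echo-request, with an optional ACCEPT for a trusted
# monitoring host, and report the kernel icmp_echo_ignore_all setting.
# Assumed names: interface eth0, env vars IFACE, TRUSTED and APPLY.

# Print the rules for interface $1; $2 is an optional trusted source (IP or CIDR)
# that is still allowed to ping. Only echo-request (type 8) is blocked, so
# destination-unreachable and time-exceeded (needed for PMTUD/traceroute) pass.
ping_block_rules() {
    iface="$1"
    trusted="$2"
    if [ -n "$trusted" ]; then
        printf 'iptables -A INPUT -i %s -p icmp --icmp-type echo-request -s %s -j ACCEPT\n' \
            "$iface" "$trusted"
    fi
    printf 'iptables -A INPUT -i %s -p icmp --icmp-type echo-request -j DROP\n' "$iface"
}

# Report whether the kernel ignores echo requests. Reads from $1 so the check
# can be run against a saved copy; default is the live sysctl file.
echo_ignore_state() {
    f="${1:-/proc/sys/net/ipv4/icmp_echo_ignore_all}"
    if [ ! -r "$f" ]; then
        echo "unknown"
        return 1
    fi
    case "$(cat "$f")" in
        1) echo "ignored" ;;
        0) echo "answering" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Show the rules; apply them only when APPLY=1 (requires root).
main() {
    rules=$(ping_block_rules "${IFACE:-eth0}" "${TRUSTED:-}")
    echo "$rules"
    if [ "${APPLY:-0}" = "1" ]; then
        echo "$rules" | sh
    fi
    echo "kernel icmp_echo_ignore_all: $(echo_ignore_state)"
}

main "$@"
```

Run it once without APPLY to review the rules, e.g. `TRUSTED=10.0.0.5 sh block_ping.sh`; then `APPLY=1` to load them. Note that APF rewrites the iptables rule set when it restarts, so rules loaded this way will not survive an APF restart unless you also place them in APF's own custom rule files.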