Otu esi egbochi arịrịọ Ping ICMP na sistemụ Linux


Ụfọdụ ndị na-ahụ maka sistemụ na-egbochikarị ozi ICMP na sava ha iji zoo igbe Linux na mpụga ụwa na netwọkụ siri ike ma ọ bụ gbochie ụdị idei mmiri IP na ịgọnarị mwakpo ọrụ.

Ụzọ kachasị mfe iji gbochie iwu ping na sistemụ Linux bụ site n'ịgbakwunye iwu iptables, dị ka egosiri na ihe atụ dị n'okpuru. Iptables bụ akụkụ nke Linux kernel netfilter na, na-emekarị, a na-etinye ya na ndabara na ọtụtụ gburugburu Linux.

# iptables -A INPUT --proto icmp -j DROP
# iptables -L -n -v  [List Iptables Rules]

Usoro izugbe ọzọ nke igbochi ozi ICMP na sistemụ Linux gị bụ ịgbakwunye mgbanwe kernel dị n'okpuru nke ga-adaba ngwugwu ping niile.

# echo “1” > /proc/sys/net/ipv4/icmp_echo_ignore_all

Iji mee ka iwu a dị n'elu ga-adịgide adịgide, tinye akara na-esonụ na faịlụ /etc/sysctl.conf na, emesịa, tinye iwu na sysctl iwu.

# echo “net.ipv4.icmp_echo_ignore_all = 1” >> /etc/sysctl.conf 
# sysctl -p

Na nkesa Linux dabeere na Debian nke na-ebu ngwa ngwa UFW, ị nwere ike igbochi ozi ICMP site na ịgbakwunye iwu na-esonụ na /etc/ufw/before.rules faịlụ, dị ka e gosiri na n'okpuru ebe a.

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Malitegharịa ekwentị UFW iji tinye iwu a, site na ịnye iwu ndị a.

# ufw disable && ufw enable

Na CentOS ma ọ bụ Red Hat Enterprise Linux nkesa na-eji Firewalld interface iji jikwaa iwu iptables, tinye iwu dị n'okpuru iji dobe ozi ping.

# firewall-cmd --zone=public --remove-icmp-block={echo-request,echo-reply,timestamp-reply,timestamp-request} --permanent	
# firewall-cmd --reload

Iji nwalee ma ọ bụrụ na etinyerela iwu firewall nke ọma n'okwu niile a tụlere n'elu, gbalịa tinye adreesị IP Linux gị site na sistemụ dịpụrụ adịpụ. Ọ bụrụ na egbochiri ozi ICMP na igbe Linux gị, ị ga-enweta ozi \Arịrịọ agwụla ma ọ bụ Njedebe Ọbịa na-agaghị enweta na igwe dịpụrụ adịpụ.