Linux: How to block ping using UFW


Step 1: back up before.rules

sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup

Step 2: edit the file /etc/ufw/before.rules

Find this block:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

Change ACCEPT to DROP on each rule, so that the block reads:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

You can do this step with a single command:

sudo sed -i -E 's/(-A ufw-before-input -p icmp --icmp-type .* -j )ACCEPT/\1DROP/g' /etc/ufw/before.rules

Step 3: reload the UFW service

sudo ufw reload
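
A dry run of the Step 2 edit, as an added example that is not part of the original page: it applies the same sed expression to a constructed sample of the ICMP block and counts the resulting targets per chain, so the change can be checked before /etc/ufw/before.rules is modified. The sample contents, the function names, and the echo_request_only variant (which changes only the echo-request rule, the ICMP type ping sends) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: dry run of the Step 2 edit on a constructed sample,
# so /etc/ufw/before.rules itself is never touched.

# Constructed sample of the ICMP section. The FORWARD rule is included
# to show that the pattern is scoped to the ufw-before-input chain.
sample_rules() {
cat <<'EOF'
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# The sed expression from Step 2, as a stdin-to-stdout filter (no -i).
page_edit() {
    sed -E 's/(-A ufw-before-input -p icmp --icmp-type .* -j )ACCEPT/\1DROP/g'
}

# Hypothetical narrower variant: change only the echo-request rule.
echo_request_only() {
    sed -E 's/(-A ufw-before-input -p icmp --icmp-type echo-request -j )ACCEPT/\1DROP/'
}

# count_rules CHAIN TARGET: number of ICMP rules on stdin with that target.
count_rules() {
    grep -c -E -e "^-A $1 -p icmp --icmp-type [a-z-]+ -j $2\$" || true
}

# list_types CHAIN TARGET: ICMP types on stdin with that target, one per line.
list_types() {
    sed -n -E "s/^-A $1 -p icmp --icmp-type ([a-z-]+) -j $2\$/\1/p"
}

echo "page edit, input DROP:      $(sample_rules | page_edit | count_rules ufw-before-input DROP)"
echo "page edit, forward ACCEPT:  $(sample_rules | page_edit | count_rules ufw-before-forward ACCEPT)"
echo "narrow edit, input DROP:    $(sample_rules | echo_request_only | list_types ufw-before-input DROP)"
```

After Step 2, the same count_rules and list_types filters can be fed the contents of the real file to confirm which ICMP types ended up with which target.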
