[LINUX][RHEL6] 리눅스 서버에 ICMP Ping 패킷 차단하기

[LINUX] 리눅스 서버에 ICMP Ping 패킷 차단하기

 

1. ICMP Ping 응답확인

Ping 명령을 통해 패킷 4개만 전송해보자

   

[root@rhel6-test ~]# ping -c 4 localhost

PING localhost (127.0.0.1) 56(84) bytes of data.

64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.013 ms

64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.026 ms

64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.025 ms

64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.025 ms

   

--- localhost ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3000ms

rtt min/avg/max/mdev = 0.013/0.022/0.026/0.006 ms

   

2. 차단적용

# sysctl -w net.ipv4.icmp_echo_ignore_all=1

net.ipv4.icmp_echo_ignore_all = 1

   

3. 현재적용 값 확인

# sysctl net.ipv4.icmp_echo_ignore_all

net.ipv4.icmp_echo_ignore_all=1

   

4. 다시 ICMP Ping 응답확인

[root@rhel6-test ~]# ping -c 4 localhost

PING localhost (127.0.0.1) 56(84) bytes of data.

--- localhost ping statistics ---

4 packets transmitted, 0 received, 100% packet loss, time 13000ms

-- 응답이 없음 확인

   

   

5. 리부팅시에도 적용

[root@rhel6-test ~]# vi /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_all=1

   

6. 파라미터 적용확인

[root@rhel6-test ~]# sysctl -a | grep net.ipv4.icmp_echo_ignore_all

net.ipv4.icmp_echo_ignore_all = 1