Score:0

Should I block all ping requests?


My intention is to seek protection. I don't need to be a server, so I want to avoid all kinds of SSDP. I've found some code and need to know if it's enough or too much:

```
iptables -I INPUT 1 -p icmp -j DROP
iptables -I INPUT -p icmp --icmp-type 0 -j DROP
iptables -I INPUT -p icmp --icmp-type 8 -j DROP
iptables -I INPUT -p icmp --icmp-type echo-reply -j DROP
iptables -I INPUT -p icmp --icmp-type echo-request -j DROP
iptables -I INPUT -p icmp --icmp-type echo-reply -m state --state NEW,ESTABLISHED,RELATED -j DROP
iptables -I INPUT -p icmp --icmp-type echo-request -m state --state NEW,ESTABLISHED,RELATED -j DROP
iptables -I OUTPUT 1 -p icmp -j DROP
iptables -I OUTPUT -p icmp --icmp-type 0 -j DROP
iptables -I OUTPUT -p icmp --icmp-type 8 -j DROP
iptables -I OUTPUT -p icmp --icmp-type echo-reply -j DROP
iptables -I OUTPUT -p icmp --icmp-type echo-request -j DROP
iptables -I OUTPUT -p icmp --icmp-type echo-reply -m state --state NEW,ESTABLISHED,RELATED -j DROP
iptables -I OUTPUT -p icmp --icmp-type echo-request -m state --state NEW,ESTABLISHED,RELATED -j DROP
```

I've heard about the mangle and raw tables; should I use them too?

Why not just deny all traffic you don't trust to your server? SSDP and service discovery happen on *all* ports, not just with PINGs. It's far simpler and more secure to *deny* all traffic and only *allow* the traffic you want to allow than the inverse. You don't need mangle, RAW, or NAT to block the traffic either.
Tekomo Nakama
Change the policy, right? It also blocks ping and SSDP traffic? Sometimes I need to connect to public Wi-Fi networks, so I just want to get the best protection.
Doug Smythies
I posted a very simple starting point iptables rule set for a question a couple of years ago, [here](https://askubuntu.com/questions/1368071/iptables-that-only-allow-incoming-traffic-to-openssh-and-block-all-other-traffic).
Tekomo Nakama
Thanks man, I'm gonna try this.
waltinator
You should not block PING requests. Ping is an important IP diagnostic tool that transmits no data (unless it's misused, but that takes both ends). Since you're not a server, it's unlikely you'll receive a "Ping of Death" https://en.wikipedia.org/wiki/Ping_of_death packet, and still more unlikely that it will make you sick.
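
The default-deny approach suggested in the comments, as an added example that is not part of the original thread: a shell function that prints a filter-table ruleset in iptables-restore format for a client machine. The `client_ruleset` name and its yes/no ping argument are made up for this sketch, and it covers IPv4 only.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an IPv4 ruleset for a client
# machine in iptables-restore format. Only the filter table is used; the
# mangle, raw and nat tables are not needed to block inbound traffic.

# client_ruleset [yes|no]  (hypothetical helper; the argument controls ping)
client_ruleset() {
    allow_ping="${1:-yes}"
    cat <<'EOF'
*filter
# Default-deny inbound and forwarded traffic; outbound stays open.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local processes talking to each other over loopback.
-A INPUT -i lo -j ACCEPT
# Packets conntrack cannot associate with any valid flow.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Replies to connections this machine opened. RELATED also admits the
# ICMP errors (e.g. fragmentation-needed) tied to those connections,
# which a blanket "-p icmp -j DROP" would discard.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$allow_ping" = "yes" ]; then
        # Answer pings for diagnostics, rate-limited.
        echo '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second --limit-burst 10 -j ACCEPT'
    fi
    # Anything else, unsolicited SSDP included, falls through to the
    # INPUT policy (DROP) without needing a rule of its own.
    echo 'COMMIT'
}

# Print the ruleset; ALLOW_PING is an assumed environment knob.
client_ruleset "${ALLOW_PING:-yes}"
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. IPv6 needs its own ruleset via `ip6tables`, and ICMPv6 should not be blanket-dropped there because neighbor discovery depends on it.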