How to Enable or Disable Ping on Linux: Kernel and iptables Settings

Linux allows ICMP echo (ping) responses by default, but whether a system actually replies is controlled by two factors: a kernel parameter and the firewall configuration. Both must permit ping; if either blocks it, ping fails.

Kernel Parameter Configuration

Temporary change : modify the runtime value in /proc/sys/net/ipv4/icmp_echo_ignore_all. Setting the value to 0 enables ping, while 1 disables it.

# To temporarily disable ping (set to 1). Change to 0 to enable.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Permanent change : add a line to /etc/sysctl.conf and reload the settings.

# Add this line to /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1
# Apply the new configuration
sysctl -p

After editing, run sysctl -p to make the change effective. Replace 1 with 0 in the above line if you want to permanently enable ping.

Firewall (iptables) Configuration

These commands assume the kernel parameter is at its default (ping allowed). Use iptables to explicitly allow or block ICMP traffic.

Allow ping :

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

You can also temporarily stop the firewall entirely: service iptables stop Block ping (drop incoming echo requests):

iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP

With these kernel and iptables settings, you can control whether your Linux host responds to ping requests.