
How to deny ICMP ping requests on Ubuntu 18.04 Bionic Beaver Linux Desktop

In Computer Validation or Verification (these two scopes are different!), different approaches are often needed to achieve the purpose of a single task or of the whole project scope. Sometimes it is important to check whether parts of the network infrastructure receive pings or not. For that purpose you need to disable ping to selected equipment running Ubuntu Linux.

A good Qualification or Verification plan can address these needs. An example of the contents of a simple Qualification plan is shown below:

  1. Purpose and Scope
  2. Organization, Roles and Responsibilities of the Qualification Team
  3. Description of Project
  4. Process Systems
  5. Process Supporting Systems
  6. Data Migration
  7. Quality Risk Management Approach
  8. Managing Changes
  9. Maintenance Management
  10. Alarm Management
  11. Qualification Approach
  12. - Qualification Project Phases
  13. - Installation & Operational Qualification (IQ/OQ)
  14. - Performance Qualification (PQ)
  15. Supplier Assessments
  16. Attachments to Qualification Documents
  17. Format of Qualification Protocols and Reports
  18. Management of Qualification Documents
  19. Reference Procedures
  20. Qualification Project Summary Report
  21. Abbreviations
  22. References
  23. Appendices

Objectives

The objective is to configure the default UFW firewall on Ubuntu 18.04 to deny any incoming ICMP ping requests on a selected desktop computer running Ubuntu 18.04 Bionic Beaver.

Requirements

Privileged access (sudo) to your Ubuntu 18.04 Bionic Beaver system is required.

  • Variant I: Update the rules of UFW

In order to deny any incoming ICMP ping requests you have to modify /etc/ufw/before.rules, which is the UFW configuration file. First, make a backup copy:

sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup

Next, open the file with root privileges in your text editor and change it as follows:
FROM:

# ok icmp codes for INPUT

-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT

-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT

-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT

-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT

-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

TO:

# ok icmp codes for INPUT

-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP

-A ufw-before-input -p icmp --icmp-type source-quench -j DROP

-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP

-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

We do not recommend setting a root password and logging in as the root user on Ubuntu permanently. If you have not set a root password but need one, set it only to deny ICMP ping for the test during Verification or Computer Qualification; after the tests are completed, we strongly recommend disabling the root user and password again.

  • Variant II: Use SED command

As an alternative to Variant I, you can use the sed command to make the changes:

sudo sed -i '/ufw-before-input.*icmp/s/ACCEPT/DROP/g' /etc/ufw/before.rules

Now disable the firewall:

sudo ufw disable

Then enable Firewall again as:

sudo ufw enable

Or reload as:

sudo ufw reload 
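The following is an added example, not part of the original article: a dry run that previews what the Variant II sed expression does to the ICMP rules and checks the echo-request target before the real file is changed and UFW is reloaded. The function names and the sample rules file are constructed for illustration. It goes beyond the article in one respect: `preview_drop_ping_only` is an assumed narrower expression that changes only the echo-request rule, which is the rule that answers ping.

```shell
#!/bin/sh
# Added example: works on a constructed sample, never on /etc/ufw/before.rules.

# Read rules on stdin; print "<icmp-type> <target>" per ufw-before-input ICMP rule.
icmp_targets() {
    awk '$1 == "-A" && $2 == "ufw-before-input" && /--icmp-type/ {
        type = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--icmp-type") type = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        print type, target
    }'
}

# Dry run of the Variant II expression: result goes to stdout, file $1 is untouched.
preview_drop_all() {
    sed '/ufw-before-input.*icmp/s/ACCEPT/DROP/g' "$1"
}

# Narrower expression (assumption, not from the article): echo-request only.
preview_drop_ping_only() {
    sed '/ufw-before-input.*--icmp-type echo-request/s/ACCEPT/DROP/' "$1"
}

# Read rules on stdin; succeed only if the echo-request rule jumps to DROP.
ping_is_denied() {
    [ "$(icmp_targets | awk '$1 == "echo-request" { print $2 }')" = "DROP" ]
}

# Constructed sample that mirrors the FROM block shown above.
write_sample() {
    {
        echo "# ok icmp codes for INPUT"
        for t in destination-unreachable source-quench time-exceeded \
                 parameter-problem echo-request; do
            echo "-A ufw-before-input -p icmp --icmp-type $t -j ACCEPT"
        done
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
echo "Variant II result:"; preview_drop_all "$sample" | icmp_targets
echo "Ping-only result:";  preview_drop_ping_only "$sample" | icmp_targets
preview_drop_all "$sample" | ping_is_denied && echo "echo-request would be dropped"
rm -f "$sample"
```

On a real system the same check can be run against the edited file with `sudo cat /etc/ufw/before.rules | ping_is_denied` before `ufw reload`.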

That’s all.