The Internet Control Message Protocol (ICMP) has many messages that are identified by a "type" field. You need to use 0 and 8 ICMP code types.
=>
Zero (0) is for echo-reply
=>
Eight (8) is for echo-request.
To enable ICMP ping incoming client request use following iptables rule (you need to add following rules to script).
My default firewall policy is blocking everything.
Task: Enable or allow ICMP ping incoming client requestRule to enable ICMP ping incoming client request ( assuming that default iptables policy is to drop all INPUT and OUTPUT packets)
SERVER_IP="202.54.10.20"
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $SERVER_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s $SERVER_IP -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Task: Allow or enable outgoing ping requestSERVER_IP="202.54.10.20"
iptables -A OUTPUT -p icmp --icmp-type 8 -s $SERVER_IP -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -d $SERVER_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
How do I disable outgoing ICMP request?Use the following rules:
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
or
iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP
ICMP echo-request type will be block by above rule.
See
ICMP TYPE NUMBERS (type fields). You can also get list of ICMP types, just type following command at shell prompt:
# /sbin/iptables -p icmp -h
