It should be protected from attacks such as IP Flooding or DDOS, which in fact is the worst of the types of attacks and still has no complete solution to prevent over the world. In this case, servers on the network must hide the outside world. Hiding ICMP packets will be a starting point for this, which should already be hidden for critical servers.
This configuration can be done through firewalls above, but the method we will talk about here is to show that this process can be done in the Linux kernel module, there are many parameters like this in Linux kernel modules and these parameters are examined separately for each process and these parameters are examined individually. It must be configured. The kernel parameter for this change is the module “net.ipv4.icmp_echo_ignore_all. Now we should take a look at how to do these operations, but let’s take a look at what the default parameter of this variable is and see if it is “0”.
sysctl -a | egrep -ie “net.ipv4.icmp_echo_ignore_all”
Then the value should be set to 1 with the “sysctl” command, but this will take effect momentarily, ie when the system restarts, it will return to its default value.
echo “1” > /proc/sys/net/ipv4/icmp_echo_ignore_all
To make this process permanent, it is necessary to write this variable and parameter to et “/etc/sysctl.conf” file.
Can edit “/etc/sysctl.conf” and add “net.ipv4.icmp_echo_ignore_all = 1” with the help of any editor.
or by using the command below.
echo “net.ipv4.icmp_echo_ignore_all = 1” >> /etc/sysctl.conf
You should then reload the sysctl.conf file with the following command and activate the configuration.
I hope it has been a useful article.