Instructions

Update UFW rules

To deny incoming ICMP ping requests, we need to modify UFW's configuration file /etc/ufw/before.rules. First, make a backup copy:

$ sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup

Next, open the file with root privileges using your favorite text editor and change:
FROM:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

TO:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
Alternatively, use the following sed command to perform the change:

$ sudo sed -i '/ufw-before-input.*icmp/s/ACCEPT/DROP/g' /etc/ufw/before.rules

Enable Firewall

Enable the UFW firewall using the following Linux command:

$ sudo ufw enable

Alternatively, if your firewall is already enabled, you can reload it with:

$ sudo ufw reload
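An added example, not part of the original page: it dry-runs the sed expression above on a constructed excerpt of before.rules and reports the resulting target for each ICMP type on the INPUT chain. The FORWARD rule in the sample and the narrower apply_ping_only_sed variant, which changes only the echo-request rule that ping relies on, are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample of the ICMP section of before.rules (not read from disk).
# The FORWARD rule is included to show that the sed pattern leaves it alone.
sample_rules() {
cat <<'EOF'
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# The page's sed expression, without -i, so it filters stdin to stdout.
apply_page_sed() {
    sed '/ufw-before-input.*icmp/s/ACCEPT/DROP/g'
}

# Narrower variant (an assumption, not from the page): change only echo-request.
apply_ping_only_sed() {
    sed '/ufw-before-input.*icmp.*echo-request/s/ACCEPT/DROP/'
}

# Print "<icmp-type> <target>" for every ICMP rule in the INPUT chain.
icmp_input_targets() {
    awk '$1 == "-A" && $2 == "ufw-before-input" && $4 == "icmp" {
        kind = ""; target = ""
        for (i = 5; i < NF; i++) {
            if ($i == "--icmp-type") kind = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        print kind, target
    }'
}

# Succeed only if echo-request (ping) on INPUT is DROP and never ACCEPT.
ping_is_blocked() {
    targets=$(icmp_input_targets)
    echo "$targets" | grep -qx 'echo-request DROP' &&
        ! echo "$targets" | grep -qx 'echo-request ACCEPT'
}

echo "page's sed:";    sample_rules | apply_page_sed | icmp_input_targets
echo "ping-only sed:"; sample_rules | apply_ping_only_sed | icmp_input_targets
sample_rules | apply_page_sed | ping_is_blocked && echo "ping blocked on INPUT"
```

To check the real file, feed /etc/ufw/before.rules to icmp_input_targets before and after the edit and compare the two listings.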