Allow / deny ping on Linux server using CSF Firewall

In this post we will learn how to allow or deny ping on Linux servers. This is useful both for plain CentOS / Ubuntu servers running CSF Firewall and for cPanel-based servers. But first, let’s look at what ICMP is.

What is ICMP?

ICMP stands for Internet Control Message Protocol. It is an important part of the internet protocol suite, used by millions of networks around the globe every day.

Servers, computers and network devices such as routers and gateways use the ICMP protocol to indicate the state of the network on the host where it is running. If enabled, ICMP will report if the host is down or unreachable for some reason.

Many internet connection diagnostic tools, such as ping and traceroute, use ICMP to detect network failures on remote servers.

How can I allow / deny ping on Linux if I’m using CSF firewall?

If you are using CSF firewall on a plain server (like CentOS, RHEL, Ubuntu or Debian), you can always edit the main csf.conf configuration file. Let’s see an example:

nano -w /etc/csf/csf.conf

Now look for the “ICMP_IN” variable and set it to “0”, as you see below:

ICMP_IN = "0"
Fig. 01. ICMP_IN configuration on CSF firewall

Once you are done, restart CSF firewall to apply changes:

csf -r
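
The same edit can be scripted when it has to be repeated on several servers. The following is an added example, not part of the original article or of CSF itself: get_icmp_in and set_icmp_in are hypothetical helper names, and the functions assume the ICMP_IN = "value" line format shown above.

```shell
#!/bin/sh
# Added example: scripted form of the manual csf.conf edit.
# get_icmp_in and set_icmp_in are hypothetical helpers, not CSF commands.

# Print the current ICMP_IN value from a csf.conf-style file.
get_icmp_in() {
    sed -n 's/^ICMP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Set ICMP_IN to 0 (deny ping) or 1 (allow ping) in the given file.
set_icmp_in() {
    conf=$1
    value=$2
    case $value in
        0|1) ;;
        *) echo "ICMP_IN must be 0 or 1" >&2; return 2 ;;
    esac
    # Refuse to touch a file that does not define ICMP_IN exactly once.
    count=$(grep -c '^ICMP_IN[[:space:]]*=' "$conf") || true
    if [ "$count" != "1" ]; then
        echo "expected exactly one ICMP_IN line in $conf" >&2
        return 1
    fi
    # Keep a copy of the previous configuration next to the file.
    cp -p "$conf" "$conf.bak" || return 1
    # Anchor on "ICMP_IN =" so that ICMP_IN_RATE is left alone.
    sed "s/^ICMP_IN[[:space:]]*=.*/ICMP_IN = \"$value\"/" "$conf.bak" > "$conf" || return 1
    # Succeed only if the file now carries the requested value.
    [ "$(get_icmp_in "$conf")" = "$value" ]
}

# Typical use on a server, followed by the restart from the article:
#   set_icmp_in /etc/csf/csf.conf 0 && csf -r
```

The previous configuration is kept as csf.conf.bak, so a wrong change can be reverted by copying it back and running csf -r again.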

Enable / Disable PING (ICMP) using CSF WHM interface

If you are using cPanel on your server, the CSF Firewall ICMP configuration can be changed from the WHM control panel at:

WHM » Plugins » ConfigServer Security & Firewall

Now edit the configuration file using the ‘Firewall Configuration’ button, as you see below:

Fig. 02. Firewall Configuration – CSF Firewall on WHM

Search for the “ICMP_IN” variable and set it to Off, as you see below:

Fig. 03. Allow / deny ping on Linux is easy if you use CSF Firewall interface on WHM altering the ICMP_IN variable

Save and restart by hitting the “Change” button at the bottom of the page. After that, click the “Restart csf + lfd” button to apply the changes.

Conclusion

While ping is not in itself a direct factor of system vulnerability, it allows a remote attacker to know, using the ICMP protocol, when your server is responding on the network again. The best solution to prevent this is simply to enable ICMP, but only for the whitelisted hosts we have inside the csf.allow and csf.ignore files.
