Objective

The objective is to configure the default UFW firewall on Ubuntu 18.04 to deny any incoming ICMP ping requests.

Operating System and Software Versions

  • Operating System: - Ubuntu 18.04 Bionic Beaver

Requirements

Privileged access to to your Ubuntu 18.04 Bionic Beaver installation will be required.

Difficulty

EASY

Conventions

  • # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ - requires given linux commands to be executed as a regular non-privileged user

Instructions

Update UFW rules

In order to deny any incoming ICMP ping requests we need to modify /etc/ufw/before.rules UFW's configuration file. First, make a backup copy:
$ sudo cp /etc/ufw/before.rules /etc/ufw/before.rules_backup
Next, open the file with root privileges using your favorite text editor and change:
FROM:
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
TO:
 # ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP


Alternatively, use the below sed command to perform the change:
$ sudo sed -i '/ufw-before-input.*icmp/s/ACCEPT/DROP/g' /etc/ufw/before.rules

Enable Firewall

Enable UFW firewall using the following linux command:
$ sudo ufw enable
Alternatively, if your firewall is already enabled you can reload it with:
$ sudo ufw reload
ARE YOU LOOKING FOR A LINUX JOB?
Submit your RESUME or create a JOB ALERT on LinuxCareers.com job portal.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.