文章目录
1、设置防火墙不拦截ICMP报文
- 防火墙放行ICMP
[root@localhost ~]# firewall-cmd --add-protocol=icmp
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols: icmp
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
- 防火墙关闭
[root@localhost ~]# systemctl stop firewalld
2、修改Linux主机不响应ICMP报文
[root@localhost ~]# cat /proc/sys/net/ipv4/icmp_echo_ignore_all
0
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
- 0:响应;
- 1:不响应;
注意:此文件不可通过vi/vim进行修改,报错如下:
"/proc/sys/net/ipv4/icmp_echo_ignore_all"
"/proc/sys/net/ipv4/icmp_echo_ignore_all" E667: Fsync failed
Press ENTER or type command to continue
3、效果展示
