Welcome to the Linux Foundation Forum!

Exercise 24.1: System Tunables with sysctl

Hi,

Somehow I cannot deactivate the ping on my computer...

  ┌──(alu@nb)-[~]
  └─$ sudo sysctl net.ipv4.icmp_echo_ignore_all=1
  net.ipv4.icmp_echo_ignore_all = 1

  ┌──(alu@nb)-[~]
  └─$ ping -c 3 localhost
  PING localhost(localhost (::1)) 56 data bytes
  64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.013 ms
  64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.055 ms
  64 bytes from localhost (::1): icmp_seq=3 ttl=64 time=0.041 ms

  --- localhost ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 2048ms
  rtt min/avg/max/mdev = 0.013/0.036/0.055/0.017 ms

What could be the reason?

Thanks,
Urs

Answers

  • Hi Urs,

    I just tried it on Ubuntu 24.04 and it worked for me.

    1.- What OS and version are you testing with?
    2.- What's the kernel version?

    uname -r

    Regards,
    Luis.

  • Posts: 51

    Hi Luis,

    Thanks for your reply.

    I'm on Debian:

    ┌──(alu@nb)-[~]
    └─$ cat /etc/os-release
    PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
    NAME="Debian GNU/Linux"
    VERSION_ID="12"
    VERSION="12 (bookworm)"
    VERSION_CODENAME=bookworm
    ID=debian
    HOME_URL="https://www.debian.org/"
    SUPPORT_URL="https://www.debian.org/support"
    BUG_REPORT_URL="https://bugs.debian.org/"

    ┌──(alu@nb)-[~]
    └─$ uname -r
    6.1.0-25-amd64

    Regards,
    Urs

  • Posts: 1,268
    edited October 2024

    Hi Urs,

    Unfortunately I was able to reproduce the issue on Debian 12 and kernel version 6.1.0-26-amd64.
    So, if I do "cat /proc/sys/net/ipv4/icmp_echo_ignore_all" it gives "1", which should deactivate ping localhost, but it doesn't. Also, I added net.ipv4.icmp_echo_ignore_all=1 to /etc/sysctl.conf, restarted the associated service with "service procps force-reload", and it didn't work. That's bad, because that means that /etc/sysctl.conf is not working as expected. I also restarted the system and it didn't work either.

    Before all of that I stopped the default firewall, just in case.

    You can check the Debian documentation about this item here:

    https://www.debian.org/doc/manuals/securing-debian-manual/network-secure.en.html

    So, at this point it looks to me like a bug. I recommend trying any other distro. It worked for me with Ubuntu.

    Regards,
    Luis.

  • Posts: 1,268
    edited October 2024

    Hi Urs,

    On Debian you also need to do the following (block icmp for ipv6 as well):

    echo "1" > /proc/sys/net/ipv6/icmp/echo_ignore_all

    After that, pings to localhost will be ignored.

    Regards,
    Luis.

  • Posts: 51

    Hi Luis,

    Thank you very much.

    Now I got it too. So it seems that, if icmp on ipv4 is disabled, Debian switches to icmp on ipv6 (if possible). In my case, as I use DHCP, apart from the ipv4 address, my computer was assigned an ipv6 address as well. Maybe that's the reason for this behavior.

    In case it's not a bug, you may consider updating the corresponding lab in the course.

    Best wishes,
    Urs

  • Hi Urs, it's a pleasure!

    > Now I got it too. So it seems that, if icmp on ipv4 is disabled, Debian switches to icmp on ipv6 (if possible). In my case, as I use DHCP, apart from the ipv4 address, my computer was assigned an ipv6 address as well. Maybe that's the reason for this behavior.

    Yes, it's a feature, not a bug, hehehe.

    Regards,
    Luis.
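
The thread's conclusion as an added example (not part of any post or of the course lab): a POSIX shell check that reads both tunables and lists the address families that still answer echo requests. `PROC_SYS` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit both ICMP echo tunables discussed in the thread.
# PROC_SYS is an assumption of this example; overriding it lets the check run
# against a constructed directory tree instead of the live /proc/sys.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Print the value of a tunable given in sysctl dot notation, or "missing".
read_tunable() {
    path="$PROC_SYS/$(printf '%s' "$1" | tr '.' '/')"
    if [ -r "$path" ]; then
        tr -d '[:space:]' < "$path"
    else
        printf 'missing'
    fi
}

# Succeed when a family is present and its echo_ignore_all is not 1.
# $1 = directory under net/, $2 = tunable in dot notation.
# Assumption: a missing net/<family> directory means the family is not loaded.
family_answers() {
    [ -d "$PROC_SYS/net/$1" ] || return 1
    [ "$(read_tunable "$2")" != "1" ]
}

# Print the families that still answer echo requests, space separated.
# Empty output means ping is ignored on every family that is present.
echo_answering_families() {
    out=""
    family_answers ipv4 net.ipv4.icmp_echo_ignore_all && out="ipv4"
    family_answers ipv6 net.ipv6.icmp.echo_ignore_all && out="${out:+$out }ipv6"
    printf '%s' "$out"
}

# Emit sysctl settings that cover both families, for a file in /etc/sysctl.d/.
sysctl_dropin() {
    printf '%s\n' 'net.ipv4.icmp_echo_ignore_all = 1' \
                  'net.ipv6.icmp.echo_ignore_all = 1'
}
```

On the system from the first post, `echo_answering_families` would print `ipv6`, which matches the `::1` replies in the ping output. To persist both settings, write the output of `sysctl_dropin` to a file under `/etc/sysctl.d/` as root and reload with `sysctl --system`.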
