icmp_echo_ignore_broadcasts

Typically you want this set to 1, otherwise it could potentiate a denial of service attack on your network. Basically if a ping is sent to the broadcast address of a network all hosts are supposed to respond. Ping flood a broadcast and all hosts have this set to 0, you’re going to encounter some serious network congestion.

Check what the current setting is. If set to 1, broadcast ICMP requests are not responded to, if set to 0 they are responded to.

cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Disable ignore (allow replies to broadcast pings)

echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Enable ignore (do not reply to broadcast pings)

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

Alternatively, you can use sysctl to persist the change. Just edit /etc/sysctl.conf and change net.ipv4.icmp_echo_ignore_broadcasts.

vi /etc/sysctl.conf

enabled

net.ipv4.icmp_echo_ignore_broadcasts = 1

disabled

net.ipv4.icmp_echo_ignore_broadcasts = 0 

And then load the conf file

sysctl -p

Ignore ICMP Broadcats With a Saltstack State File

Saltstack configuration management provides a nice way of dealing with sysctl variables. Add the following to one of your state files to persist this change across your infrastructure via configuration management.

net.ipv4.icmp_echo_ignore_broadcasts:
  sysctl.present:
  - value: 1
(Comments)

Comments