Block ICMP echo requests/replies that carry the marker 0xecececec at the start of the payload

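# Drop outgoing ICMP echo replies whose first four payload bytes are 0xecececec.
# "0 >> 22 & 0x3C" reads the IP header length (IHL * 4) and "@" moves the base
# past the IP header, so offset 8 lands right after the 8-byte ICMP header even
# when IP options are present. A fixed offset of 28 only lines up with a
# 20-byte, option-less IP header.
# Notes: -A appends, so an earlier OUTPUT rule that accepts ICMP takes
# precedence; this covers IPv4 only; the rule is not persistent across reboots.
iptables -A OUTPUT -p icmp --icmp-type echo-reply -m u32 --u32 "0 >> 22 & 0x3C @ 8 = 0xecececec" -j DROP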

OR

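# Alternative: tag the matching echo request on the way in, then drop only the
# reply that carries the same tag.
#
# Step 1 (mangle/INPUT): mark echo requests whose first four ICMP payload bytes
# are 0xecececec. "0 >> 22 & 0x3C" yields the IP header length and "@" shifts
# the base past it, so offset 8 sits right after the 8-byte ICMP header even
# when IP options are present (a fixed offset of 28 assumes a 20-byte header).
# --set-mark overwrites the whole packet mark; pick a value that does not
# collide with marks used elsewhere (policy routing, other rules).
iptables -t mangle -A INPUT -p icmp --icmp-type echo-request -m u32 --u32 "0 >> 22 & 0x3C @ 8 = 0xecececec" -j MARK --set-mark 0x1234

# Step 2 (filter/OUTPUT): drop echo replies that carry the mark and the same
# payload marker. The mark match only fires while fwmark_reflect is enabled
# (step 3); -A appends, so an earlier accepting rule would take precedence.
iptables -A OUTPUT -p icmp --icmp-type echo-reply -m mark --mark 0x1234 -m u32 --u32 "0 >> 22 & 0x3C @ 8 = 0xecececec" -j DROP

# Step 3: make kernel-generated replies (such as ICMP echo replies) inherit the
# fwmark of the packet they answer; with the default of 0 the reply has mark 0.
# This sets the runtime value only; persist it via sysctl.conf / sysctl.d if
# the rules above are restored at boot.
sysctl net.ipv4.fwmark_reflect=1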
