Hello
I trying to blocking ICMP by
echo 1 >> /proc/sys/net/ipv4/icmp_echo_ignore_all
but after restart my container - kernel restore icmp_echo_ignore_all old value (0)
please help to fix this issue
thak you very much

ICMP is a useful tool to you (helps to monitor if your server is at least partially up).

ICMP is oh so last decade for hackers. Now they do much more sophisticated scans/fingerprinting such that no PING reply isn't even on their radar.

Security thru Obscurity is a myth - since blocking ICMP does nothing to increase your security, but does increase your Admin overhead - why bother?

Thank very much for help and for vonskippy advice

My linode has been pinged 13,231 times - it seems that there may be some hackers still living on the last decade.

A second? A day? A month? Since you've setup your Linode?

Your statement has as much useful content as Han Solo's "making the Kessel Run in under 12 parsecs" line.

As I've mentioned, PING is used by MANY legitimate services, and no competent hacker relies on it to determine if there's a "target" out there.

But hey, turn off ping, make your life as a sysadmin much harder, what do I care.

It has plenty of useful content; Kessel is right next to the Maw, an abnormally dense collection of black holes, requiring a circuitous winding path to be navigated to reach it. A faster ship would allow the pilot to cut closer to the gravity wells than would otherwise be possible, allowing a shorter route to be taken, or for paths that would normally be completely impossible.

It's a simple optimization problem. Making a run to Kessel in under 12 parsecs (to or from what point is not really clear) would mean that the high speed of the ship and skill of the pilot allowed a more direct route, saving time.