How To Block Pings (ICMP) in UFW Firewall

By default, UFW will block all incoming traffic except pings (ICMP). That is the default behavior of the Ubuntu Firewall.

If you look at /etc/ufw/before.rules, you will find the following Firewall rules.

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT

To block ping (ICMP) requests, comment out those lines and reload the Firewall with the sudo ufw reload command.

Note that the UFW command-line tool does not have an option to work with the ICMP protocol directly.