35+ stories, thoughts and ideas.

Ubuntu: responding only to specific pings

To deter probing, a server is often configured not to respond to ping at all, but that is inconvenient for legitimate checks.
An alternative is to respond only to ping packets of one specific length.
In /etc/ufw/before.rules, change this block:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

to:

# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -m length --length 1028 -j ACCEPT

Then restart the ufw service.
When pinging, use the following command (where size = configured value - 28 [IP and ICMP headers]):
Windows:

ping -l 1000 my-server-ip

Linux:

ping -s 1000 my-server-ip

Observed result:

# without specifying a size: fails
ubuntu@ubuntu:/etc/ufw$ ping example.com
PING example.com (1.1.1.1) 56(84) bytes of data.
--- example.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3068ms

# with the correct size: succeeds
ubuntu@ubuntu:/etc/ufw$ ping example.com -s 1000
PING example.com (1.1.1.1) 1000(1028) bytes of data.
1007 bytes from 1.1.1.1 (1.1.1.1): icmp_seq=1 ttl=63 time=0.378 ms
1007 bytes from 1.1.1.1 (1.1.1.1): icmp_seq=2 ttl=63 time=1.03 ms
--- example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.378/0.705/1.032/0.327 ms
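
The added Python simulation below is not from the original post: it parses the modified rule block and replays the chain's first-match logic against the two pings shown above, which makes clear why the default 56-byte ping (84 bytes at layer 3) is dropped while the 1000-byte one (1028) is accepted. It also accepts the min:max range form of the length match, which the post does not use. It assumes that anything ufw-before-input does not accept is dropped by the later ufw chains (ufw's default deny); RULE_RE, parse_rules and verdict are my own helpers.

```python
import re

# The modified "ok icmp codes for INPUT" block from the post, embedded as a
# constant so the simulation runs offline.
BEFORE_RULES = """
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -m length --length 1028 -j ACCEPT
"""

# Matches the rule shape used in the post; the length match may be a single
# value or an iptables-style min:max range.
RULE_RE = re.compile(
    r"-A ufw-before-input -p icmp --icmp-type (?P<type>[\w-]+)"
    r"(?: -m length --length (?P<lo>\d+)(?::(?P<hi>\d+))?)? -j (?P<target>ACCEPT|DROP)"
)

IPV4_HEADER = 20  # bytes
ICMP_HEADER = 8   # bytes; ping's -s / -l size excludes both headers

def ping_total_length(payload_size):
    """Layer-3 length that the iptables length match sees for a ping payload."""
    return payload_size + IPV4_HEADER + ICMP_HEADER

def parse_rules(text):
    """Return (icmp_type, min_len, max_len, target) tuples in chain order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        lo = int(m["lo"]) if m["lo"] else 0
        hi = int(m["hi"]) if m["hi"] else (lo if m["lo"] else 65535)
        rules.append((m["type"], lo, hi, m["target"]))
    return rules

def verdict(rules, icmp_type, total_length, default="DROP"):
    """First matching rule wins, as in an iptables chain. Unmatched packets fall
    through to the later ufw chains, assumed here to drop (default deny)."""
    for rtype, lo, hi, target in rules:
        if rtype == icmp_type and lo <= total_length <= hi:
            return target
    return default

if __name__ == "__main__":
    rules = parse_rules(BEFORE_RULES)
    for payload in (56, 1000):  # default ping size, and the post's -s 1000
        print(payload, verdict(rules, "echo-request", ping_total_length(payload)))
```

Note that the modified block also drops destination-unreachable messages, which the host relies on for path MTU discovery; the simulation keeps the post's rules exactly as written.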
