Many malicious attacks begin with a ping scan. Disabling ICMP echo requests prevents your system’s discovery with a ping.

As superuser, add the following lines to /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1

Then run the following command to cause the change to take effect immediately:

sysctl -p

This change will persist following a reboot.