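# Block ICMP timestamp requests/replies on an nftables host (run as root) and
# persist the rule set to /etc/sysconfig/nftables.conf, the file this page's
# nftables service setup reads.

# Load the saved rule set at boot.
systemctl enable nftables

# CAUTION: 'flush ruleset' removes EVERY table currently loaded in the kernel,
# not only the one created below. Any filtering that was in place beforehand
# (including rules installed by other tools) is gone after this line, and the
# chain created below has 'policy accept'. Review 'nft list ruleset' first and
# run this from a console rather than a remote session if unsure.
nft flush ruleset

# 'ip' family: these rules apply to IPv4 traffic only.
nft add table ip filter
# Single quotes keep the shell from interpreting ';' inside the chain spec.
# 'policy accept' means everything not matched below is still allowed; this
# is a targeted block, not a complete host firewall.
nft add chain ip filter INPUT '{ type filter hook input priority filter; policy accept; }'

# 'counter' records hits so 'nft list ruleset' shows whether probes arrive.
# 'reject with icmp type host-prohibited' answers with an ICMP error instead
# of dropping silently.
nft add rule ip filter INPUT icmp type timestamp-request counter reject with icmp type host-prohibited
nft add rule ip filter INPUT icmp type timestamp-reply counter reject with icmp type host-prohibited

# Show the live rule set before persisting it.
nft list ruleset

conf=/etc/sysconfig/nftables.conf

# Back up with cp (not mv) so the service config never goes missing if a
# later step fails; skip quietly when there is no previous config.
if [ -e "$conf" ]; then
  cp -p -- "$conf" "$conf-save.$(date +%m%d-%H%M)"
fi

# Write to a temp file in the same directory, syntax-check it, then rename it
# over the config. A failed 'nft list' can no longer leave an empty config
# behind. '-s' omits counter values so packet counts are not baked into the
# saved file; '-c' only checks the file and changes nothing.
new_conf=$(mktemp "${conf}.XXXXXX")
if nft -s list ruleset > "$new_conf" && nft -c -f "$new_conf"; then
  mv -- "$new_conf" "$conf"
  # Reload from the saved file to prove it works before the next reboot.
  systemctl restart nftables
else
  printf 'nftables: saving rule set failed; %s left unchanged\n' "$conf" >&2
  rm -f -- "$new_conf"
fi

# Confirm the service is healthy and the rules survived the restart.
systemctl status nftables
nft list ruleset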