Netgate Discussion Forum

    Block answer on ping from Vlan

    L2/Switching/VLANs
    12 Posts 3 Posters 1.6k Views
      A Former User @19taurus79

      @19taurus79 publish your firewall rule on interface vlan 50

        19taurus79 @A Former User

        @silence bea6e2fc-0abc-4f14-922e-c0802f3cef54-image.png

          johnpoz LAYER 8 Global Moderator @19taurus79

          @19taurus79 rules are evaluated on the interface where traffic enters pfSense.

          Return traffic is allowed by the state that is created when traffic is allowed.

          If you don't want vlan B to be able to answer ping, then you need to block that traffic from pinging from vlan A.

          Since if you allowed A to ping B, then the answer would be allowed by the state you allowed to be created when you allowed A to ping B.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            19taurus79 @johnpoz

            @johnpoz OK, I see: if I don't want vlan 50 to answer ping to any other vlans, I have to block ICMP in the other vlans to vlan 50... Because I want my main adm vlan10 to ping every other vlan. I don't know how important this is for me, but it is more to try and learn :) Since this is my security vlan with cameras, I thought it could be a good setup to block ICMP.

              A Former User @19taurus79

              @19taurus79, you can duplicate the first rule but now swap source and destination.

              And just above it, create a rule to allow ping from your vlan 10.

                19taurus79 @A Former User

                @silence Yes, thanks for the help. Learning something new every day. I am new with pfSense; the rules are a little different from EdgeRouter to set up.

                  johnpoz LAYER 8 Global Moderator @19taurus79

                  @19taurus79 While you might want to stop your cameras from pinging or talking to your other vlans, not sure why it would be an issue for your other vlans to ping devices in vlan 50.

                  But you do you - but with a stateful firewall, return traffic is allowed by the state. If you don't want anything to be able to ping stuff in vlan 50, block them from doing so where their traffic would enter pfSense. This could be done on the interfaces directly, or it could be done with a floating rule.

                    19taurus79 @johnpoz

                    @johnpoz As I said, this is more for learning what happens and how to do it...

                      johnpoz LAYER 8 Global Moderator @19taurus79

                      @19taurus79 Which is great! Just telling you how it works ;)

                        19taurus79 @johnpoz

                        @johnpoz I used the Floating rules and set it up with all my Vlans and VPN interfaces to block ICMP to Vlan50. Then I made a new rule for Vlan 10 to one host IP address that allows ICMP to vlan 50. It worked, now a beer :)

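An added example, not part of the thread and not pfSense code: a toy Python model of the stateful evaluation johnpoz describes (rules checked on the ingress interface, replies passed by the state) and of the final setup above. Interface names, subnets and the admin host address are assumptions, and the floating block rule is modelled as the same entry on each ingress interface with the admin allow placed ahead of it.

```python
from ipaddress import ip_address, ip_network

VLAN50 = ip_network("192.168.50.0/24")   # assumed camera subnet
ADMIN = ip_address("192.168.10.5")       # assumed admin host on VLAN 10

class StatefulFirewall:
    """Toy model: rules are checked on the ingress interface only, first
    match wins, default deny; a passed packet creates a state for its reply."""

    def __init__(self, rules):
        self.rules = rules      # {ingress interface: [(action, match), ...]}
        self.states = set()     # (requester, target) flows already passed

    def handle(self, iface, src, dst, icmp_type):
        src, dst = ip_address(src), ip_address(dst)
        # A reply that matches an existing state is passed before any rule.
        if icmp_type == "echo-reply" and (dst, src) in self.states:
            return "pass (state)"
        for action, match in self.rules.get(iface, []):
            if match(src, dst, icmp_type):
                if action == "pass":
                    self.states.add((src, dst))
                return action
        return "block"

def echo_to_vlan50(src, dst, t):
    return dst in VLAN50 and t == "echo-request"

def reply_from_vlan50(src, dst, t):
    return src in VLAN50 and t == "echo-reply"

def admin_echo(src, dst, t):
    return src == ADMIN and echo_to_vlan50(src, dst, t)

def anything(src, dst, t):
    return True

# First attempt: block the answer on the VLAN 50 interface itself.
NAIVE = {"vlan50": [("block", reply_from_vlan50)],
         "vlan10": [("pass", anything)], "vlan20": [("pass", anything)]}
# Working setup: block echo requests where they enter, admin host excepted.
FIXED = {"vlan50": [("block", reply_from_vlan50)],
         "vlan10": [("pass", admin_echo), ("block", echo_to_vlan50), ("pass", anything)],
         "vlan20": [("block", echo_to_vlan50), ("pass", anything)]}

def ping(rules, iface, src, dst):
    """True if an echo request entering on iface gets its reply back."""
    fw = StatefulFirewall(rules)
    if fw.handle(iface, src, dst, "echo-request") != "pass":
        return False
    return fw.handle("vlan50", dst, src, "echo-reply").startswith("pass")
```

With `NAIVE`, the block rule on the VLAN 50 interface only ever catches unsolicited replies; a reply to a ping that was allowed in on another interface matches the state and never reaches that rule.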
                          johnpoz LAYER 8 Global Moderator @19taurus79

                          @19taurus79 said in Block answer on ping from Vlan:

                          now a beer:)

                          hehee - which is always the correct response ;)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.