ICMP to internet addresses

  • Hello everyone,
    I'm testing pfsense in a virtual lab.
    I have 3 LAN interfaces, in one of them I configured http and https traffic interception for virus scanning. everything works fine (using squid)
    My question is how do I allow ICMP traffic to internet addreses only.


  • Define an RFC 1918 alias in Firewall > Aliases. Add all private network ranges to it.
    Then add a pass filter rule, select ICMP protocol, at destination check „Invert“, „single host or alias“ and enter the RFC 1918 alias.

    Consider that this works only if you have restricted access rules, so that ICMP is not allowed by ofher rules.

  • @viragomann brilliant!!
    Thanks! It works!

Log in to reply