Netgate Discussion Forum

ping from WAN disallowed by default?

  • H
    hspindel
    last edited by Oct 24, 2023, 7:34 AM

    Is a ping from the WAN disallowed by default in pfSense?

    I can find lots of documentation about how to enable ping from WAN but nothing about whether it is disabled by default.

    If the default is disabled, does it apply to both IPv4 and IPv6? Where is the firewall rule that does the disabling?

    If ping from WAN is disabled, will that still apply if I have a WireGuard VPN running (or do I need to add separate rules for the VPN interfaces)?

    • S
      slu @hspindel
      last edited by Oct 24, 2023, 7:43 AM

      @hspindel

      Per default everything is blocked (no rules at all).
      If you didn't have any rule on your WAN interface, ping is also blocked.

      You need an ICMP allow rule...

      pfSense Gold subscription

      • S
        stephenw10 Netgate Administrator
        last edited by Oct 24, 2023, 11:38 AM

        A ping from WAN is allowed by default. All outbound traffic is allowed.

        All inbound traffic is blocked so pings to WAN will fail without adding a rule to allow it specifically.

        Steve

        • H
          hspindel @stephenw10
          last edited by Oct 24, 2023, 9:58 PM

          Thank you both for your replies. Pings blocked from outside my network is what I hoped for.

          However, I am confused about something.

          If I attempt to ping my router from my cell phone (connected to the cell network, not WiFi, pinging my DDNS name), the ping times out as expected. But if I go to the ShieldsUp website, it tells me that my router is responding to pings.

          It seems like ShieldsUp only reports ping responses when my VPN is up. The only thing I can figure is that ShieldsUp is actually pinging the IP address of my VPN endpoint instead of my router's address. Does that make any sense?

          • S
            stephenw10 Netgate Administrator
            last edited by Oct 24, 2023, 10:18 PM

            Yes, if it is detecting the IP rather than you entering it.

            • J
              johnpoz LAYER 8 Global Moderator @hspindel
              last edited by Oct 25, 2023, 2:12 AM

              @hspindel said in ping from WAN disallowed by default?:

              pinging my DDNS name

              Well, if you have your VPN up, and it reports the VPN IP as your DDNS name, and then you ping the DDNS name - then yeah, you would be pinging the VPN endpoint.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.