ping from WAN disallowed by default?
-
Is a ping from the WAN disallowed by default in pfSense?
I can find lots of documentation about how to enable ping from WAN but nothing about whether it is disabled by default.
If the default is disabled, does it apply to both IPv4 and IPv6? Where is the firewall rule that does the disabling?
If ping from WAN is disabled, will that still apply if I have a WireGuard VPN running (or do I need to add separate rules for the VPN interfaces)?
-
Per default everything is blocked (no rules at all).
If you don't have any rule on your WAN interface, ping is also blocked. You need an ICMP allow rule...
-
A ping from WAN is allowed by default. All outbound traffic is allowed.
All inbound traffic is blocked so pings to WAN will fail without adding a rule to allow it specifically.
Steve
-
Thank you both for your replies. Pings blocked from outside my network is what I hoped for.
However, I am confused about something.
If I attempt to ping my router from my cell phone (connected to the cell network, not WiFi, pinging my DDNS name), the ping times out as expected. But if I go to the ShieldsUp website, it tells me that my router is responding to pings.
It seems like ShieldsUp only reports ping responses when my VPN is up. The only thing I can figure is that ShieldsUp is actually pinging the IP address of my VPN endpoint instead of my router's address. Does that make any sense?
-
Yes, if it is detecting the IP rather than you entering it.
-
@hspindel said in ping from WAN disallowed by default?:
pinging my DDNS name
Well, if you have your VPN up, and it reports the VPN IP as your DDNS name, and then you ping the DDNS name, then yeah, you would be pinging the VPN endpoint.