Block LAN from pinging (ICMP) the gateway
-
Hello everybody,
I have a problem and do not know how to solve it…
I have A LAN interface with subnet 192.168.4.0/24 where 192.168.4.1 is the LAN interface IP "the pfsense sserver IP". I want to block PINGING to 192.168.4.1 from subnet 192.168.4.0/24. I have tried those rules but noway even LOG does not report any pinging.Firewall: Rules
LAN
Proto Source Port Destination Port Gateway Schedule DescriptionBlock ICMP 192.168.4.1 * * * *
Block ICMP LAN net * LAN address * *
Block ICMP 192.168.4.150 * 192.168.4.1 * *
Block ICMP 192.168.4.0/24 * 192.168.4.1 * *
I do nt understand why it doesnt block or even log this ??? any solutions??? explanations???
Thank you -
There is a hidden firewall rule in pfsense with higher priority than any rule you create, allowing access to the LAN IP from the LAN subnet. If you want to override this you have to check the box on the "System: Advanced functions" page that says "Disable webGUI anti-lockout rule".
You should use this feature with great caution, as you will now be free to prevent yourself access to the GUI (you will still have access to the serial console, although you can password protect that too).
-
Action: Reject,Source: Any, Destination : Any , Port: ICMP
Hope this help.jigp
1.2.X