Block PING

  • Is there a way to block people from ping-ing our servers? I cannot find the ICMP protocol in the firewall protocol list.

    are there any problems related to blocking ping in general? Do programs, software, packages or connections rely on this functionality?

    If not, I would like to block it in the sense.. the less they see the better..

  • edit : my bad.. I found the ICMP protocol (i must of overlooked it).

    Can somebody tell me if it's a bad idea to block all the ICMP types? Would this give me any issue's? if set to source any -> destination any block all? Or would a echo/ echo reply be sufficient

  • Yes it's a bad idea to block all ICMP types - there are legit and important uses for ICMP in a network.

    But with that said, the state tracking code will allow return ICMP traffic resulting from connections initiated inside your network, so you can pretty much block at will on your WAN and not break anything. There may be some cases where you'll want to not block everything, but in most environments that's fine to do with pfSense since it'll allow these legit ICMP types.

Log in to reply