Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Block PING

    Scheduled Pinned Locked Moved Firewalling
    3 Posts 2 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      AudiAddict
      last edited by

      Is there a way to block people from ping-ing our servers? I cannot find the ICMP protocol in the firewall protocol list.

      are there any problems related to blocking ping in general? Do programs, software, packages or connections rely on this functionality?

      If not, I would like to block it in the sense.. the less they see the better..

      1 Reply Last reply Reply Quote 0
      • A Offline
        AudiAddict
        last edited by

        edit : my bad.. I found the ICMP protocol (i must of overlooked it).

        Can somebody tell me if it's a bad idea to block all the ICMP types? Would this give me any issue's? if set to source any -> destination any block all? Or would a echo/ echo reply be sufficient

        1 Reply Last reply Reply Quote 0
        • C Offline
          cmb
          last edited by

          Yes it's a bad idea to block all ICMP types - there are legit and important uses for ICMP in a network.

          But with that said, the state tracking code will allow return ICMP traffic resulting from connections initiated inside your network, so you can pretty much block at will on your WAN and not break anything. There may be some cases where you'll want to not block everything, but in most environments that's fine to do with pfSense since it'll allow these legit ICMP types.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.