OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: csmall on June 05, 2018, 06:13:21 am

Title: Block outbound icmp to external address?
Post by: csmall on June 05, 2018, 06:13:21 am
What rule would I need to create to block outbound icmp to 8.8.8.8?

In the log live view I see int wan with the wan ip as the source icmp to 8.8.8.8

Title: Re: Block outbound icmp to external address?
Post by: ruffy91 on June 05, 2018, 09:09:37 am
Block from where? From an interface or from the firewall itself?
If from the firewall itself:
There is an automatic rule which allows any outgoing traffic. You have to add a NAT rule (NAT is processed before automatic rules) which blackholes the ICMP request to 8.8.8.8.
If from an Interface:
Don't allow it in the first place or add a deny rule on the interface for icmp requests going to 8.8.8.8

You can also NAT any outgoing traffic from that interface to your own NS, so no matter what name servers the clients on that interface have set the requests are always served by yours instead.

Title: Re: Block outbound icmp to external address?
Post by: csmall on June 05, 2018, 11:14:01 am
I need the NAT rule. The traffic I see being allowed out says it is the wan interface and the IP address of the wan interface is the source with 8.8.8.8 as the destination.

I already have the NAT rule configured to redirect DNS but now something internally is pinging 8.8.8.8 (I think it is the Google devices in my network ever since the DNS NAT rule was put in place).