Block ICMP to/from interfaces

Started by alfemann, May 05, 2022, 12:45:25 PM

Hi - a general question that is puzzling me.
I have a (primary LAN) setup on igb2 with 10.10.11.0/24, and the OPNsense interface is 10.10.11.1.
In addition, I have another network (guests) on igb3 with IP 192.168.5.1/24; OPNsense is 192.168.5.1.

Reflection is turned on btw, if that matters.

I want to prevent all/any client on the 10.10.11 network from pinging 192.168.5.1.
I have tried all combinations I can think of, but regardless of the rules I make in the firewall, the ping goes through...
Is there something mystical or special about the local IP that I haven't thought about?

There is a default rule that allows anything coming from the LAN that is automatically created on install; did you disable that?

If not, do you have an (automatic or specific) outbound NAT rule for your LAN being too general?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Are you testing this ping from the router or using an actual node on the network?
https://forum.opnsense.org/index.php?topic=28105.msg136786#msg136786