[Help Needed] Block outgoing ping

Started by ubear, August 18, 2024, 03:33:34 PM

August 18, 2024, 03:33:34 PM Last Edit: August 20, 2024, 11:57:51 AM by ubear
Hello wise people!
I have the following setup:
LAN and 7 VLANs on igb0
Primary WAN on igb1
Fallback WAN2 on igb2

Q1: I want to block ping from all LAN and VLANs to any external addresses (WAN or WAN2) while preserving ping within my network.
My attempt for WAN: created an OUT rule on WAN that PASSes or BLOCKs IPv4 ICMP packets. Both modes blocked the outgoing ping. WHY?

Q2: I want to enable outgoing ping from ONE particular host for speedtest. Adding such a rule (pass, from 192.168.60.10 to any, IPv4, ICMP) below or above the previously mentioned rule has no effect. Why?

Why block ICMP:
https://socfortress.medium.com/data-exfiltration-using-icmp-and-how-to-detect-it-69a799cca234
https://medium.com/@sam.rothlisberger/icmp-echo-request-data-exfiltration-f41f59fcf87a
https://github.com/martinoj2009/ICMPExfil

Why block on WAN-OUT:
Because I have 8 internal networks: one rule to block all ICMP plus 7 rules to allow ICMP to the other internal LANs, times 8 networks, is 64 rules to write.

Many thanks
Uri

Dunno, I do not like breaking basic network diagnostics tools for people, such as ping, so don't have any such issue.

Just on a generic note, generally you want to block packets where they first hit the firewall (i.e., using the firewall rules that apply to the (V)LANs). No point in letting them leave the (V)LAN just to drop them on WAN later on.

For further assistance from someone else, I'd say attaching a screenshot of your firewall rules and posting the logs would help.
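Added example, not part of either post in this thread: a pf ruleset sketch of the reply's advice (filter at the ingress interface, not on WAN out) that also shows the 64-rule count is avoidable. It assumes an interface group named `internal` containing the LAN and the 7 VLAN interfaces (on OPNsense that is a Firewall group; the member names below are made up), a table `internal_nets` holding all 8 internal prefixes (an alias of type Network(s) in the GUI; the prefixes shown are constructed, only 192.168.60.0/24 follows from the speedtest host in the question), and `quick` first-match evaluation as OPNsense generates it. It matches only echo requests rather than all of ICMP, so that ICMP unreachable / fragmentation-needed messages, which path MTU discovery depends on, are not dropped as a side effect.

```pf
# Constructed interface group and table; names and prefixes are assumptions.
# Membership of the group "internal": igb0 (LAN) plus igb0_vlan10 .. igb0_vlan70.
table <internal_nets> { 192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24, \
                        192.168.40.0/24, 192.168.50.0/24, 192.168.60.0/24, \
                        192.168.70.0/24, 192.168.80.0/24 }

# 1. Ping between internal networks keeps working: any ingress (V)LAN to any
#    internal prefix. One rule covers all 8 x 7 source/destination pairs.
pass in quick on internal inet proto icmp icmp-type echoreq \
    from any to <internal_nets> keep state

# 2. The single speedtest host may ping anything, including the Internet.
pass in quick on internal inet proto icmp icmp-type echoreq \
    from 192.168.60.10 to any keep state

# 3. Everything else: drop outbound echo requests where they enter the firewall,
#    before a route to WAN or WAN2 is even chosen. Logged, so ICMP tunnelling
#    attempts (the exfiltration concern in the question) show up in the logs.
block in quick log on internal inet proto icmp icmp-type echoreq \
    from any to any
```

Three rules instead of 64, and the ordering matters: rule 2 must sit above rule 3 on the same ingress group, because with `quick` the first match wins. A rule placed on WAN out never sees the decision, since the traffic has already been allowed in on the (V)LAN by whatever default pass rule exists there, which is the reason the reply recommends filtering at ingress.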