Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Block outbound icmp to external address?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Block outbound icmp to external address? (Read 3264 times)
csmall
Full Member
Posts: 121
Karma: 5
Block outbound icmp to external address?
«
on:
June 05, 2018, 06:13:21 am »
What rule would I need to create to block outbound icmp to 8.8.8.8?
In the log live view I see int wan with the wan ip as the source icmp to 8.8.8.8
Logged
ruffy91
Jr. Member
Posts: 79
Karma: 9
Re: Block outbound icmp to external address?
«
Reply #1 on:
June 05, 2018, 09:09:37 am »
Block from where? From an interface or from the firewall itself?
If from the firewall itself:
There is an automatic Rule which allos any outgoing traffic. You have to add a NAT rule (NAT is processed before automatic rules) which blackholes the icmp request to 8.8.8.8.
If from an Interface:
Don't allow it in the first place or add a deny rule on the interface for icmp requests going to 8.8.8.8
You can also NAT any outgoing traffic from that interface to your own NS, so no matter what name servers the clients on that interface have set the requests are always served by yours instead.
Logged
csmall
Full Member
Posts: 121
Karma: 5
Re: Block outbound icmp to external address?
«
Reply #2 on:
June 05, 2018, 11:14:01 am »
I need the NAT rule. The traffic I see being allowed out says it is the wan interface and the IP address of the wan interface is the source with 8.8.8.8 as the destination.
I already have the NAT rule configured to redirect DNS but now something internally is pinging 8.8.8.8 (I think it is the google devices in my network ever since the DNS NAT rule was put in place).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Block outbound icmp to external address?