Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Block ICMP to/from interfaces
« previous
next »
Print
Pages: [
1
]
Author
Topic: Block ICMP to/from interfaces (Read 4248 times)
alfemann
Newbie
Posts: 15
Karma: 0
Block ICMP to/from interfaces
«
on:
May 05, 2022, 12:45:25 pm »
Hi - a general question that is puzzling me.
I have a (primary lan) setup on igb2 with 10.10.11.0/24 and Opnsense interface is 10.10.11.1
In addition - I have another network (guests) on igb3 - with ip 192.168.5.1/24 - opnsense is 192.168.5.1
Reflection is turned on btw, if that matters.
I want to prevent all/any client on the 10.10.11 - network from pinging 192.168.5.1
I have tried all combinations I can think of, but regardless of the rules I make in the firewall, the ping goes through....
Is there something mystical or special about the local IP that I haven't thought about ?
Logged
meyergru
Hero Member
Posts: 1769
Karma: 172
IT Aficionado
Re: Block ICMP to/from interfaces
«
Reply #1 on:
May 05, 2022, 01:16:13 pm »
There is a default rule that allows anything coming from the LAN that is automatically created on install, did you disable that?
If not, do you have an (automatic or specific) outbound NAT rule for your LAN being too general?
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
EdwinKM
Full Member
Posts: 155
Karma: 5
Re: Block ICMP to/from interfaces
«
Reply #2 on:
May 05, 2022, 09:56:35 pm »
Are you testing this ping from the router or using an actual node on the network?
https://forum.opnsense.org/index.php?topic=28105.msg136786#msg136786
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Block ICMP to/from interfaces