Can anybody help to block PING?

How to make PING command not work? Even in LAN?

from where to where?
in LAN ?

1 Like

a) that's a bad idea
b) if that's what you really want, configure your on-device firewalls accordingly
c) it's still a very bad idea
d) OpenWrt has no influence on communication between peers on your LAN, they are switched

9 Likes

Why? Is there something you're trying to fix? Even if you can block it everywhere, ping is a simple yet important diagnostic tool to check if a device is even reachable at some IP address. Don't make your life harder than it needs to be.

1 Like

drop icmp type 8 and maybe 0

some network diagnostic tool expect gateway to ping.

:+1:t3:

ICMP echo reply and echo request are sometimes used by devices to determine MTU size (among other things), so if you disable them, you'll break things, possibly severely.

If I were concerned about ping attacks or probes, I'd at most disable them only on WAN and then only for devices upstream from my ISP's router.

$ ubus call network.interface dump | jsonfilter -e '$.interface[@.interface="wan"].route[0].nexthop'
123.45.67.8   #  My ISP's router so allow this, but reject all others...

# Repeat for "wan6"...
3 Likes