Can anybody help to block PING?

How to make PING command not work? Even in LAN?

from where to where?
in LAN ?

1 Like

a) that's a bad idea
b) if that's what you really want, configure your on-device firewalls accordingly
c) it's still a very bad idea
d) OpenWrt has no influence on communication between peers on your LAN, they are switched


Why? Is there something you're trying to fix? Even if you can block it everywhere, ping is a simple yet important diagnostic tool to check if a device is even reachable at some IP address. Don't make your life harder than it needs to be.

1 Like

drop icmp type 8 and maybe 0

some network diagnostic tool expect gateway to ping.


ICMP echo reply and echo request are sometimes used by devices to determine MTU size (among other things), so if you disable them, you'll break things, possibly severely.

If I were concerned about ping attacks or probes, I'd at most disable them only on WAN and then only for devices upstream from my ISP's router.

$ ubus call network.interface dump | jsonfilter -e '$.interface[@.interface="wan"].route[0].nexthop'   #  My ISP's router so allow this, but reject all others...

# Repeat for "wan6"...