How to block Ping?


I need to block all ping requests on my router: between devices, to external sources, and even to the router itself.

I need this due to specific configuration.

So how to block Ping?

Set a firewall rule to disable ICMP echo-requests.

1 Like

In raw/prerouting and raw/output since ping is stateful.

1 Like

I think there is one setup by default... just disable it.

Quick note, this really just instructs your firewall to drop ICMP echo-request packets, but:
a) these packets are still sent to your router eating up capacity
b) if you do this in an attempt to become invisible from the WAN side, keep in mind that most ISPs will give a differential response whether an IP is in use or not.

1 Like

3 of them actually in the OpenWrt default firewall. 1 IPv4, 1 IPv6 forward, and 1 IPv6 input.

sysctl net.ipv4.icmp_echo_ignore_all=1 | tee -a /etc/sysctl.conf

icmp_echo_ignore_all - BOOLEAN
If set non-zero, then the kernel will ignore all ICMP ECHO requests sent to it.
Default: 0

Traffic among devices might travel across the internal switch, and not reach the CPU, making it harder (or even impossible) to block.

You cannot disable DSA quickpaths, but normally one expects netdev/bridge/arp filters to work at respective levels.
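
The replies above mention a default ping rule and then three of them, so after disabling one it is worth checking what still accepts echo-request. The script below is an added example, not code from any poster or from OpenWrt: it lists the enabled UCI `config rule` sections that still ACCEPT ICMP echo-request. The sample config is constructed, its rule names are assumed to match the defaults, and zone default policies are not checked.

```shell
# Added example: audit a UCI firewall config for enabled rules that ACCEPT ping.

# Constructed sample; the IPv4 rule is disabled, the two IPv6 rules are not.
sample_config() {
cat <<'EOF'
config rule
	option name 'Allow-Ping'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-ICMPv6-Input'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'neighbour-solicitation'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option proto 'icmp'
	list icmp_type 'echo-request'
	option family 'ipv6'
	option target 'ACCEPT'
EOF
}

# Reads /etc/config/firewall-style text on stdin and prints "name family" for
# each offending rule. A rule without icmp_type matches every ICMP type.
ping_allow_rules() {
	tr -d "\"'" | awk '
	function report() {
		if (inrule && enabled && proto ~ /icmp/ && target == "ACCEPT" &&
		    (types == "" || types ~ /echo-request/)) print name, family
	}
	$1 == "config" { report(); inrule = ($2 == "rule"); name = "(unnamed)"
	                 family = "any"; proto = types = target = ""; enabled = 1 }
	$2 == "name"      { name = $3 }
	$2 == "family"    { family = $3 }
	$2 == "target"    { target = $3 }
	$2 == "enabled"   { enabled = ($3 != "0") }
	$2 == "proto"     { proto = $0 }
	$2 == "icmp_type" { types = types " " $3 }
	END { report() }'
}

sample_config | ping_allow_rules
```

On a router, run `ping_allow_rules < /etc/config/firewall`. An IPv6 input rule that also lists neighbour-discovery types, like the one in the sample, should have only `echo-request` removed rather than be disabled outright, since IPv6 depends on those types.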