Does anyone know of a way to stop the echo requests from the new Comet Pro?
Unfortunately, using iptables
iptables -I OUTPUT 1 -p icmp --icmp-type echo-request -j DROP
does not work to stop the built-in echo requests. This is very frustrating.
I really want the unit to be local only.
On the RM1, this will disable the LED status daemon, which is sending the ICMP pings. I assume it will be the same for the Pro
/bin/sh /etc/init.d/S23led stop
The Pro doesn’t have /usr/sbin/led_event_controller running.
On the Pro, the ICMP requests are actually coming from a kernel module (kmwan). This is why it is bypassing iptables.
The module is loaded by /etc/init.d/S98multi-wan.
To achieve purely local operation, it is recommended that you configure rules in the firewall of your upstream router to block external network access for the RM10's IP address. Because this request cannot be fulfilled on the RM10.
I hope this is not an official or final statement. “You need to use a firewall to protect the internet from our device” would be a terrible position to take.
Is there a way to get this looked at ? Telling users you have to block there device using their firewall is not a great answer. Really it should be something configurable in the UI. Like “Don’t ping for status”.
Yeah; it’s pretty wild that this thing is doing 3 pings /second to servers that aren’t public ICMP services (1.1.1,8.8.8.8,208.67.222.222)… This “feature” should be removed in favor of a less abusive and more accurate Internet status monitor … if that’s even necessary at all.