How to block ping?

Hello!

I need to block all ping requests on my router. Between devices, to external sources and even to the router itself.

I need this due to specific configuration.

So how to block Ping?

Could you please elaborate why you need to block ping?
It's pretty unusual.

A ping is an ICMP packet. I don't think the GL-iNet is able to just block ping without all other ICMP traffic, without deeper work.

But you could just go to "system - advanced", open LuCI and go to "Network - Firewall" settings and add a rule to drop ICMP packets...

You should make sure to disable the online check in GL-iNet GUI "network - MultiWAN" first, as this won't work either.

But blocking ping is in general a bad idea. The so-called 'Stealth Mode' is a hoax. You can identify the system above and below this OSI layer as well.

Somebody uses it to DoS my network...

I don't think this will help a lot.
If the interface is under DDoS, dropping the packets will save some processing power, but the packets will still jam the line.

The DDoS won't stop, there is just no pong (the reply to a ping). In fact the attacker won't wait for or read the pong. The requests will still be forwarded over the known route, for example from a DNS request -> IP -> Routing table

No no. It is not a professional DoS. Someone just floods with ping requests with huge packet weight…

Always from the same address? In that case you should drop this address in your firewall.

You can block it via LuCI.

By default in OpenWrt one of the default rules has this open for wan.

To disable it, you can go to LuCI -> Network -> Firewall -> Traffic Rules.

Then uncheck the Allow-ping checkbox.

Now however:

Traceroutes or tracerts will not work.

And do you want to prevent local devices from pinging the router?

No. From random MAC and IP

Yes

I would assume that it's easier to turn off the router (and the network itself) for a few hours / days and hope the DDoS will stop. It highly depends on your internet connection speed.

@admon it is in LAN, not in WAN. I cannot turn off as it gives access to file storage and security cameras (in LAN)

Somebody in LAN is trying to DDoS you?!
How big is your LAN?

17 devices + 37 cameras

With switches or is everything Wi-Fi?

You should try to trace the traffic down to the device which acts like an attacker here. And then ... punish the owner. :imp:

Well, if everything is just Wi-Fi only ... then you won't have much control.

You could try to kick devices one by one and check if the ICMP DDoS stops.

opkg update && opkg install tcpdump
# Will show all ICMP requests on device rax0 (in my case that's my Wi-Fi, you need to adjust it)
tcpdump -i rax0 icmp

How to kick a device depends highly on your router's model and firmware version.

I guess rax0 isn't the Wi-Fi used. Try ra0 instead.
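
Added example, not part of any post in this thread: one way to turn the tcpdump output suggested above into a per-device count of echo requests, so the flooding client on the LAN stands out by MAC and IP. The function names `icmp_top_talkers` and `sample_capture` are hypothetical, the sample lines are constructed, and Ethernet-framed `tcpdump -e -n` text output is assumed.

```shell
#!/bin/sh
# Added example: rank LAN senders by ICMP echo requests seen by tcpdump.
# Assumption: Ethernet-framed "tcpdump -e -n" text lines on stdin.

# Prints "count icmp_bytes src_mac src_ip" per sender, busiest first.
icmp_top_talkers() {
    awk '
    /ICMP echo request/ {
        mac = $2                      # source MAC is the field after the timestamp
        ip = ""
        # The source IP follows the frame-level "length N:" pair.
        for (i = 3; i < NF; i++)
            if ($i == "length" && $(i + 1) ~ /:$/) { ip = $(i + 2); break }
        if (ip == "") next            # skip lines that do not match the layout
        key = mac " " ip
        count[key]++
        bytes[key] += $NF             # last field is the ICMP length
    }
    END {
        for (k in count) print count[k], bytes[k], k
    }' | sort -rn
}

# Constructed sample capture (addresses are made up): one sender floods
# large echo requests, a second device sends a single normal-sized ping.
sample_capture() {
cat <<'EOF'
10:00:00.000001 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 1514: 192.168.8.150 > 192.168.8.1: ICMP echo request, id 7, seq 1, length 1480
10:00:00.000200 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 1514: 192.168.8.150 > 192.168.8.1: ICMP echo request, id 7, seq 2, length 1480
10:00:00.000300 02:00:00:00:00:fe > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 1514: 192.168.8.1 > 192.168.8.150: ICMP echo reply, id 7, seq 1, length 1480
10:00:00.500000 02:00:00:00:00:22 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 98: 192.168.8.37 > 192.168.8.1: ICMP echo request, id 3, seq 1, length 64
10:00:00.500400 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 1514: 192.168.8.150 > 192.168.8.1: ICMP echo request, id 7, seq 3, length 1480
EOF
}

# Live use on the router (interface name must be adjusted, as in the thread):
#   tcpdump -e -n -c 2000 -i ra0 icmp 2>/dev/null | icmp_top_talkers
```

The MAC column is what lets you match the sender against the router's client list even if the device changes its IP address.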

OK, solved by changing my Wi-Fi password. Thanks, everyone!