how to block Ping?


I need to block all ping requests on my router. Between devices, to external sources and even to router itself.

I need this due to specific configuration.

So how to block Ping?

May you please elaborate why you need to block ping?
It's pretty unusual.

A ping is an ICMP package. I don't think the GL-iNet is able to just block ping without all other ICMP traffic, without deeper work.

But you could just go to "system - advanced", open LuCI and go to "Network - Firewall" settings and add a rule to drop ICMP packages...

You should make sure to disable the online check in GL-iNet GUI "network - MultiWAN" first, as this won't work either.

But block ping is in general a bad idea. The so called 'Stealth Mode' is hoax. You can identify the system above and below this OSI layer as well.

Somebody uses it to Dos my network...

I don't think this will help a lot.
If the interface is under DDOS, drop the packages will save some processing power, but the packages will still jam the line.

The DDOS won't stop, just there is no pong (reply of a ping). In fact the attacker won't wait for or read the pong. The requests will still be forwarded over the known route, for example from a DNS request -> IP -> Routing table

1 Like

No no. It is not professional Dos. Someone just flood with ping requests with huge packet weight…

Always from the same address? In that case you should drop this address in your firewall.

You can block it via luci.

By default in OpenWrt one of the default rules has this open for wan.

By disabling it you can go to luci -> network -> firewall -> traffic rules.

Then uncheck the Allow-ping checkbox.

Now however:

Traceroutes or tracerts will not work.

and do you want to prevent local devices pinging to the router?

No. From random MAC and IP


I would assume that it's easier to turn off the router (and the network itself) for a few hours / days to hope the DDoS will stop. It highly depends on your internet connection speed.

@admon it is in LAN, not in WAN. I cannot turn off as it gives access to file storage and security cameras (in LAN)

Somebody in LAN is trying to DDoS you?!
How big is your LAN?

17 devices + 37 cameras

With switches or is everything Wi-Fi?

You should try to trace the traffic down to the device which acts like an attacker here. And then ... punish the owner. :imp:

Well, if everything is just Wi-Fi only ... then you won't have much control.

You could try to kick devices one by one and check if the ICMP DDoS stops.

opkg update && opkg install tcpdump
# Will show all ICMP requests on device rax0 (in my case thats my Wi-Fi, you need to adjust it)
tcpdump icmp -i rax0

How to kick a device depends highly on your routers model and firmware version.

I guess rax0 isn't the Wi-Fi used. Try ra0 instead.

Ok, solved by changing my WIFI password. Thank everyone!