Warning: This change will be reverted after a reboot or a Firewalla service restart.
Please see https://help.firewalla.com/hc/en-us/articles/360046703673-Firewalla-Feature-Guide-Network-Manager
Under advanced settings, you can now disable ICMP.
Comments
Any plans to make this persistent?
Seems to be broken for dual lan configuration
pi@firewalla:~ (Firewalla) $ sudo iptables -A FW_INPUT_DROP -i $(frcc | jq -r '.routing.global.default.viaIntf') -p icmp -j FW_DROP
jq - commandline JSON processor [version 1.5-1-a5b5cbe]
Usage: jq [options] <jq filter> [file...]
jq is a tool for processing JSON inputs, applying the
given filter to its JSON text inputs and producing the
filter's results as JSON on standard output.
The simplest filter is ., which is the identity filter,
copying jq's input to its output unmodified (except for
formatting).
...
But this seems to work
sudo iptables -A FW_INPUT_DROP -i eth0 -p icmp -j FW_DROP
sudo iptables -A FW_INPUT_DROP -i eth1 -p icmp -j FW_DROP
Thanks for the feedback. Yes, it does not support dual WAN currently. And the alias of frcc is changed in 1.971. We will eventually make this configurable via the app.
I had to replace $() with eth0
BTW as soon as I ran this command, the WAN network ping test failed. The WAN network now has a red dot and I got an alarm saying "internet connectivity change" and that the connectivity was down. Haven't lost connectivity though.
I believe
sudo iptables -A FW_INPUT_DROP -i eth0 -p icmp --icmp-type 8 -j FW_DROP
should work for single WAN.
Add
sudo iptables -A FW_INPUT_DROP -i eth1 -p icmp --icmp-type 8 -j FW_DROP
if you are using dual WAN.
I put these in a startup script in
/home/pi/.firewalla/config/post_main.d
until Firewalla makes this configurable.
Keep in mind this assumes that you are using FW ports 4 and 3. If you change which ports are your WAN you need to change the choices accordingly.
That did the trick. The key was "icmp-type 8". Thank you.
Glad it worked. All credit goes to Firewalla! I just passed it along.
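A sketch of the startup script mentioned in the thread, as an added example that is not Firewalla's own code or any commenter's script. It applies the echo-request-only rule (ICMP type 8, so echo replies to the box's own outbound pings are not matched) to each WAN interface and checks for an existing rule first. The file name drop_wan_ping.sh, the WAN_IFACES and IPT variables, and the function names are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not Firewalla's own script. Hypothetical install path:
#   /home/pi/.firewalla/config/post_main.d/drop_wan_ping.sh
WAN_IFACES="${WAN_IFACES:-eth0}"  # assumption: single WAN on eth0; use "eth0 eth1" for dual WAN
IPT="${IPT:-sudo iptables}"       # overridable so the logic can be exercised without root

# Rule from the thread: drop only ICMP type 8 (echo request) arriving on one interface.
rule_args() {
    printf '%s' "FW_INPUT_DROP -i $1 -p icmp --icmp-type 8 -j FW_DROP"
}

# Add the rule for one interface unless an identical rule is already in the chain.
# Prints "added", "present", "invalid" or "failed".
ensure_rule() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid"; return 1 ;;
    esac
    # -C checks for an existing rule, so repeated runs do not stack duplicates.
    if $IPT -C $(rule_args "$1") 2>/dev/null; then
        echo "present"
    elif $IPT -A $(rule_args "$1"); then
        echo "added"
    else
        echo "failed"; return 1
    fi
}

# Apply to every configured WAN interface and report one line per interface.
apply_all() {
    rc=0
    for iface in $WAN_IFACES; do
        result=$(ensure_rule "$iface") || rc=1
        printf '%s: %s\n' "$iface" "$result"
    done
    return $rc
}

# Run only when executed under the installed name; sourcing just defines the functions.
case "${0##*/}" in drop_wan_ping.sh) apply_all ;; esac
```

After a run, `sudo iptables -S FW_INPUT_DROP` should list exactly one type 8 rule per WAN interface, however many times the script has executed.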