Skip to content

Configure FreeBSD to forbid ping (ICMP)

homepage-banner

Introduction

Ping is a commonly used network utility that is used to check the connectivity between two network devices. This utility is available on most operating systems including FreeBSD. However, in some cases, network administrators may want to disable ping on their FreeBSD servers for security reasons. In this blog post, we will discuss how to disable ping on FreeBSD.

Disabling Ping on FreeBSD

To disable ping on FreeBSD, you need to modify the firewall rules to block ICMP packets that are used by the ping utility. The following steps will guide you on how to disable ping on FreeBSD:

Enable pf firewall

Add the following lines to /etc/rc.conf

firewall_enable="YES"
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"

Add a firewall rule for ICMP

Add the following rule to /usr/local/etc/pf.conf

block in on vtnet0 proto icmp all

Where vtnet0 is the external network interface.

Testing Ping

After disabling ping, you can test whether it has been disabled successfully by trying to ping your FreeBSD server from another device. If ping is disabled, you will get a “Request timed out” or “Destination host unreachable” error message.

Conclusion

Disabling ping on your FreeBSD server is a good security practice because it helps to prevent network attacks that use ping to identify active hosts. By following the steps outlined in this blog post, you can easily disable ping on your FreeBSD server and improve its security. However, it is important to note that disabling ping may also affect some legitimate network traffic, so it should only be done if necessary.

Reference

  • https://docs.freebsd.org/zh_CN.UTF-8/books/handbook/securing-freebsd.html
Feedback







Disclaimer
  • Welcome to visit the knowledge base of SRE and DevOps!
  • License under CC BY-NC 4.0
  • Made with Material for MkDocs and improve writing by generative AI tools
  • Copyright issue feedback me#imzye.com, replace # with @