Configure FreeBSD to forbid ping (ICMP)
Introduction
Ping is a common network utility for checking connectivity between two network devices. It is available on most operating systems, including FreeBSD. However, in some cases, network administrators may want to disable ping on their FreeBSD servers for security reasons. This blog post shows how to disable ping on FreeBSD.
Disabling Ping on FreeBSD
To disable ping on FreeBSD, you need to modify the firewall rules to block ICMP packets that are used by the ping utility. The following steps will guide you on how to disable ping on FreeBSD:
Enable pf firewall
Add the following lines to /etc/rc.conf
# firewall_enable controls ipfw, not pf, so it is not set here
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"
Add a firewall rule for ICMP
Add the following rule to /usr/local/etc/pf.conf
block in on vtnet0 proto icmp all
Where vtnet0 is the external network interface.
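The rule above matches every inbound ICMPv4 message, not only ping. The following pf.conf fragment is an added example (not part of the original post) that places that rule beside a narrower one dropping only echo requests, for both IPv4 and IPv6; it assumes the same vtnet0 interface.

```conf
# /usr/local/etc/pf.conf -- added example, not the post's original rule set.
# vtnet0 is the external interface used in this post; adjust to yours.

# Rule from the post: drops every inbound ICMPv4 message on vtnet0,
# including error messages (e.g. "fragmentation needed") that do not
# match an existing state entry. It does not cover IPv6.
# block in on vtnet0 proto icmp all

# Narrower alternative: drop only echo requests, the packet ping sends.
# "quick" stops rule evaluation so a later pass rule cannot override it.
block in quick on vtnet0 inet  proto icmp  all icmp-type  echoreq
block in quick on vtnet0 inet6 proto icmp6 all icmp6-type echoreq
```

Check the syntax with `pfctl -nf /usr/local/etc/pf.conf` before loading the file with `pfctl -f /usr/local/etc/pf.conf`; `pfctl -sr` lists the rules that are active.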
Testing Ping
After disabling ping, you can test whether it has been disabled successfully by trying to ping your FreeBSD server from another device. If ping is disabled, you will get a “Request timed out” or “Destination host unreachable” error message.
Conclusion
Disabling ping on your FreeBSD server is a good security practice because it helps to prevent network attacks that use ping to identify active hosts. By following the steps outlined in this blog post, you can easily disable ping on your FreeBSD server and improve its security. However, it is important to note that disabling ping may also affect some legitimate network traffic, so it should only be done if necessary.