PROBLEM: I would like to block all incoming ping requests.
SOLUTION: Block incoming ICMP traffic using access-list.
[?] Why you should not block ICMP traffic!
https://neilalexander.eu/articles/2017/4/16/understanding-icmp
http://shouldiblockicmp.com/
//create deny rule to drop all ICMP requests
//enable other traffic (bcs of implicit deny by ACL)
Router(config)# access-list 101 deny icmp any any Router(config)# access-list 101 permit ip any any
//assign the rule to the interface
Router(config)# int FastEthernet 0/1 Router(config-if)# ip access-group 101 in
OUTPUT
Router# ping 172.16.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds: UUUUU Success rate is 0 percent (0/5)
Copy & Paste
conf t access-list 101 deny icmp any any access-list 101 permit ip any any int FastEthernet 0/1 ip access-group 101 in end
Source: https://community.cisco.com/t5/routing/block-icmp/td-p/2419132
Leave a Reply