In this posting, i'll share how to blocking ping or icmp packet on mikrotik router. On default, icmp protocol has been opened, because this protocol is used to check is host up or down.
But on certain condition, icmp protocol must be closed to avoid from scanner tool. So we have to close this protocol. On mikrotik we can do this by simple configuration.
Before we configuration, ping to ip address 10.16.34.1 are reply.
Here's how to step by step block icmp packet on mikrotik :
- First, connect to your mikrotik router using winbox
- Then, click IP > Firewall
- On the tab Filter Rules, click plus sign (+)
- Select chain : forward (note : if you want to block ping to mikrotik router, you must select chain : input) and fill in the Dst. Address to ip address target
- Next, on the tab Action, select Action : drop
- Click OK button, and now you can test your rule from Client
After we create rule, now ping to ip address 10.16.34.1 are timeout
You can also create this rule from terminal, if you are familiar using terminal. Open your terminal from winbox or if you are remote using ssh or telnet, just type this command.
/ip firewall filter add chain=forward dst-address=10.16.34.1 action=drop Chain : change to your chain rule, forward if you are going to block the ip address outside mikrotik router, and input if you are going to block ip address mikrotik router.
Dst-address : change to the target ip address you want to block.
Ok, that's so simple setting, hope its useful.
xd ahi bloqueas todo el trafico a esa direccion no solo el ping asi que no sive eso
BalasHapusI would like to report that.
BalasHapusIt's seemed not working follow by above comment.
Please test it.
dear this guy did not selected the protocol which want to be block
BalasHapus