Block ICMP (Ping) on a specific VS

Question

Hello All,&nbsp;
&nbsp;I'm wondering if it's possible to block ping response on a specific VS by an iRule or by another configuration way.&nbsp;
&nbsp;Thanks for your help.&nbsp;
&nbsp;AB&nbsp;&nbsp;

hooleylist · Answer

Hi Alfy, 
&nbsp;  
&nbsp; You could use a packet filter that drops ICMP for specific virtual addresses.  I think you could use a packet filter rule like: 
&nbsp;  
&nbsp; ( proto ICMP ) and ( dst host 10.1.1.1) 
&nbsp;  
&nbsp; where 10.1.1.1 is your virtual server address.  The action would be drop. 
&nbsp;  
&nbsp; You can check the config guide for your version for details.  Here's the manual section for 11.1: 
&nbsp;  
&nbsp; TMOS concepts - 11.1 
&nbsp; https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-1-0/tmos_packet_filters.html 
&nbsp;  
&nbsp; TMOS Implementations - 11.1 
&nbsp; https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-1-0/14.html 
&nbsp;  
&nbsp; Aaron

alfy · Answer

Hi Aaron, 
&nbsp;  
&nbsp; Thnaks a lot for your answer. 
&nbsp; It's working well. 
&nbsp;  
&nbsp; AB

ryan_80304 · Answer

Hi Aaron, 
&nbsp;  
&nbsp; Thanks for the info. Worked for me too. 
&nbsp;  
&nbsp;  
&nbsp; Regards, 
&nbsp;  
&nbsp; Ryan,

Forum Discussion

Block ICMP (Ping) on a specific VS

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Post of the Week: Blocking a Specific URI

Block IP after a number of ASM Blocks

Block traffic

Attacks against Domain Specific Languages, EU Cybersecurity Laws, & Supply Chain Attacks

Response and blocking page

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS