Block ICMP (Ping) on a specific VS

Question

Hello All,&nbsp;
&nbsp;I'm wondering if it's possible to block ping response on a specific VS by an iRule or by another configuration way.&nbsp;
&nbsp;Thanks for your help.&nbsp;
&nbsp;AB&nbsp;&nbsp;

hoolio · Answer

Hi Alfy, 
&nbsp;  
&nbsp; You could use a packet filter that drops ICMP for specific virtual addresses.  I think you could use a packet filter rule like: 
&nbsp;  
&nbsp; ( proto ICMP ) and ( dst host 10.1.1.1) 
&nbsp;  
&nbsp; where 10.1.1.1 is your virtual server address.  The action would be drop. 
&nbsp;  
&nbsp; You can check the config guide for your version for details.  Here's the manual section for 11.1: 
&nbsp;  
&nbsp; TMOS concepts - 11.1 
&nbsp; https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-1-0/tmos_packet_filters.html 
&nbsp;  
&nbsp; TMOS Implementations - 11.1 
&nbsp; https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-1-0/14.html 
&nbsp;  
&nbsp; Aaron

alfy · Answer

Hi Aaron, 
&nbsp;  
&nbsp; Thnaks a lot for your answer. 
&nbsp; It's working well. 
&nbsp;  
&nbsp; AB

ryan_80304 · Answer

Hi Aaron, 
&nbsp;  
&nbsp; Thanks for the info. Worked for me too. 
&nbsp;  
&nbsp;  
&nbsp; Regards, 
&nbsp;  
&nbsp; Ryan,

Forum Discussion

Block ICMP (Ping) on a specific VS

3 Replies

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Long URL Redirecting

APM Access Policy|SSLVPN | SAML auth questionnaires

Azure Virtual Machine Scale Set (VMSS) with F5 LTM

F5 DNS Generic Host

Which encyrtion algorithm is used when making Kerberos ticket encyrtion.

Related Content

Post of the Week: Blocking a Specific URI

Block IP after a number of ASM Blocks

Installing and Locking a Specific Version of F5 NGINX Plus

F5-OS Rseries. Asking about Ping command

Block traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS