I want to block trace & ping of my own interface ip only.
What can i do for that???
Plz help me out for that…
/ip firewall filter add chain=input protocol=icmp action=drop
Place it at the top of input chain
Thx. its working now.
Blocking all ICMP is BAD.. I wouldn’t suggest people doing this! Blocking all ICMP will breaks things Devil and is evil
much better is: ip firewall filter add chain=input protocol=icmp icmp-options=8:0 action=drop
yeah you are right in some sense. it might break fragment responses coming from the internet. but then again its kind of common practice nowadays. and not too many people who block icmp report side effects. it’s also the default setting on a lot of routers. as long as DF flag is not set on a packet, routers along the way should be able to solve any fragment issues. but strictly speaking, you are right. the standard requires icmp to be open.
what about blocking the trace only while keeping icmp unblocked ?