the following command prevents internet access on RB2011UASRM
/ip firewall filter
chain=input action=drop protocol=icmp log=no log-prefix=""
I would expect this rule to just block pings.
I will try it in the middle of the night when it as gone quiet.ICMP is not just PING! Blocking all ICMP is an extremely bad idea, and may inhibit communication when the
MTU of your link is less than that of your local network.
At the very least put such a rule later in the chain than permit ESTABLISHED and RELATED rules.
I have been blocking all incoming pings on the WAN port for 4 and 1/2 years now and not had any problems at all, until I started using the 2011UAS with the latest firmware.When you are in an environment using PPPoE (and thus issues with different MTU) then blocking all ICMP is a perfect recipe for big trouble.
Don't do it...
I block incoming not outgoing and have had no problems even with PPPoEBlocking ICMP is not the same as blocking PING!
ICMP is much more than PING!
Many firewall operators do not understand that and cut themselves in the thumb.
ICMP = Internet Control Message Protocol. This is also used for things like determining the MTU of the next hop.
As you are using PPPoE, your next hop will not have the same MTU and by blocking ICMP you cause yourself to
be locked out.
I have a problem with the new firmware not the old firmware I have been using for the past 4 1/2 yearsOk, I thought you had a problem. And I think it is caused by misunderstanding, not by
possible firewall issues. But when all is OK, good for you!