Cisco ICMP filtering 1

[Step]

Hi,<br><br>I'm looking at ways of filtering ICMP rather than completely blocking any type of ICMP requests.<br><br>Some kind of regulatory ICMP filter where a maximum no of requests will be allowed. Yet the function is not disabled.<br>Any ideas or help would be great thx.<br>

 

[jeter]

I&nbsp;&nbsp;looked at all of my Cisco books, in each case under Extended Access-Lists it shows you can only deny all of the ICMP not parts .( theres like 37 fields in ICMP msg types ). I could be wrong , but it don't look good !!!

 

[pvmoore]

An extended Access List WILL allow you to deny a given ICMP type.<br>For example :<br>access-list 101 deny icmp any any echo<br>will filter and drop ping requests to and from any host.<br><br>If you enter :<br>access-list 101 deny icmp any any ?<br>you'll see the list of ICMP protocols that can be filtered.<br><br>Remember to ensure you define what traffic you do want to allow - otherwise the implicit &quot;deny all&quot; will filter&nbsp;&nbsp;everything..!!<br>nb. This post is assuming you're using v12.x software.

 

[munsonbrown]

I don't believe cisco allows a way to filter by number of occurances for a good reason.&nbsp;&nbsp;It's sounds like you may want to send test ping through a firewall but still block massive ping attacks.&nbsp;&nbsp;Even if you were able to allow only four pings, you would still have to worry about a ping attack, just in sets of four.&nbsp;&nbsp;Maybe you can determine a policy to allow pings and responses to and from certain ip addresses.&nbsp;&nbsp;If I am way off of your intensions I apologize.