How to disable ping requests with ESET Internet Security and other firewall settings

 

ICMP echo requests (commonly known as ping) are used to test reachability/connectivity of a device on Layer 3 'Network' protocol. The 'ping' commands sends ICMP packets and shows the round trip time (time taken for packet to deliver plus time for receiving back its acknowledgement) for each packet and their maximum, minimum and average RTT.

To disable ping requests TO or FROM your device, we have to define rules in firewall to block PING requests from specified IP addresses or all addresses.

If you have ESET Internet Security installed, the firewall settings are managed by the antivirus itself. 

So, to disable PING requests, we have to define rules in there.

Go to ESET Internet Security > Setup > Network Protection > Firewall > Click on small settings icon on right > Configure

In the configure window, click on Advanced, then 'Edit' besides Rules.

In the rules window, check the 'Show built-in (predefined) rules' option: -

Scrolling down a little bit, you'll see these two rules already defined: -

Let them be there, we'll define new rules.

Click on 'Add' button. Give your rule any name. Specify the direction to which you want to block requests i.e., TO and FROM (OUT and IN). Select 'Deny' for 'Action'. Select 'ICMP' for 'Protocol'. 

For ICMP Type/Code, the request code is '8' and response code is usually 0,3 OR 11. But you can leave it blank. It will work fine. 

If you click on 'OK' this rule will apply to all IP addresses so ping requests from all IP addresses will be blocked. If you want only specific IP addresses to be blocked, click on 'Remote' tab in 'Edit Rule' window. Then in the IP box, define the IP address or specific range of IP addresses for which to block requests. After defining it, finally, click on 'OK'.

Now scroll down to the bottom, you'll find the rule there. You will have to move your rule above that default 'Allow outgoing ICMP requests' rule in order for it to be evaluated first. Move your rule to the top by clicking on left-most upward arrow in right corner: -

Once it's moved to top, close all windows by clicking on 'OK'.

Now try pinging to any of device in your LAN or even your localhost. If you blocked Outgoing requests you will see following message: -

Similarly, if you blocked Incoming requests, other machines will also see this message.

How to allow network access to certain IP addresses (basically disable firewall only for certain IP addresses)

To disable firewall only for specific IP addresses (for example, a device in your private network) so that it can access services on your device, you can create the following rule for that: -

Go to ESET Internet Security > Setup > Network Protection > Firewall > Click on small settings icon on right > Configure

In the configure window, click on 'Advanced' and in there click on 'Edit' button besides 'Rules'.

Click on 'Add' to add a new rule, in the 'General' tab, give your rule any name, select 'Both' directions OR any specific direction you want, select 'Allow' for 'Action', select the type of traffic (TCP, UDP, ICMP etc.) that you want to allow in 'Protocol'. Select 'Any' if you want to allow all types of traffic.

Now click on 'Remote' tab and in the IP box, define the IP address to which you want to grant access to.

After that click on 'OK' and move your rule to the top.

Finally close all the windows by clicking on 'OK'.

Now this will disable firewall for your selected IP address(s) and they can access any servers you have opened for to listen in your machine.

By: Zaeem Khaliq On 1/18/2022

Continue Reading