On 2020-01-23, myml...@gmx.com <myml...@gmx.com> wrote:
> Hi,
>
> I'm just wondering if there is a way to rate limit icmp echo request.
> i.e. pings.
>
> I tried the following rule but it errors out with "syntax error"
>
> pass in quick on em1 inet proto icmp from 192.168.0.23 to 192.168.1.2
> icmp-type echoreq (max-src-conn-rate 1/2, overload <abusive_hosts> flush)

See Jesper's reply for this.

> I'm trying to avoid even standard pings and especially "ping -f".
>
> Additionally, I was wondering if there would be a way to block icmp
> that's over a certain size. "ping -s".

Not in PF, but see "fildrop" in tcpdump(8).