Pi-hole getting flagged in my IPS logs as ICMP flooding

David_Avery · August 3, 2020, 3:30pm

Every 10 minutes my pi-hole(s) will get flagged by my firewall as sending ICMP floods to 5 various IP's in the setup variables. Are you checking all these DNS servers for availability or just 5 at a time?

2020:08:03-07:46:15 firewall-name ulogd[5203]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth0" srcmac="00:50:56:8e:3b:8a" dstmac="00:0c:29:c7:bf:70" srcip="10.0.0.3" dstip="1.1.1.1" proto="1" length="223" tos="0x00" prec="0xc0" ttl="64" type="3" code="3"
2020:08:03-07:46:15 firewall-name ulogd[5203]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth0" srcmac="00:50:56:8e:3b:8a" dstmac="00:0c:29:c7:bf:70" srcip="10.0.0.3" dstip="8.20.247.20" proto="1" length="197" tos="0x00" prec="0xc0" ttl="64" type="3" code="3"
2020:08:03-07:46:15 firewall-name ulogd[5203]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth0" srcmac="00:50:56:8e:3b:8a" dstmac="00:0c:29:c7:bf:70" srcip="10.0.0.3" dstip="8.26.56.26" proto="1" length="197" tos="0x00" prec="0xc0" ttl="64" type="3" code="3"
2020:08:03-07:46:15 firewall-name ulogd[5203]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth0" srcmac="00:50:56:8e:3b:8a" dstmac="00:0c:29:c7:bf:70" srcip="10.0.0.3" dstip="149.112.112.11" proto="1" length="197" tos="0x00" prec="0xc0" ttl="64" type="3" code="3"
2020:08:03-07:46:15 firewall-name ulogd[5203]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth0" srcmac="00:50:56:8e:3b:8a" dstmac="00:0c:29:c7:bf:70" srcip="10.0.0.3" dstip="9.9.9.11" proto="1" length="197" tos="0x00" prec="0xc0" ttl="64" type="3" code="3"

I can write an exception in my firewalls rules, I just wanted to make sure this is expected behavior.

jfb · August 3, 2020, 3:32pm

Please post the token generated by

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

system · August 24, 2020, 3:32pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.