Dear All,
I blocked ping from my LAN to all the users. But I want to allow only a few users who are the administrators of the network. Please help me to add the rules so it can allow pings to only specific IPs for monitoring purposes.
Best Regards
Vasi Akhter
doush
June 21, 2010, 2:16pm
2
Accept ICMP for the authorized IPs by making an address list.
Then make an ICMP reject rule to drop the rest.
This is the command I used to block and accept ICMP for a particular IP.
44 chain=forward action=drop protocol=icmp
45 chain=input action=accept protocol=icmp src-address-list=Vasi
But it's not working. Can you tell me if I am making any mistake?
mrz
June 21, 2010, 2:28pm
4
input chain is only for packets going to the router itself.
Accept rule should also be in forward chain.
Now I added one more rule for input
44 chain=forward action=drop protocol=icmp
45 chain=forward action=accept protocol=icmp src-address-list=Vasi
46 chain=input action=accept protocol=icmp src-address-list=Vasi
Still it's not working.
doush
June 21, 2010, 3:33pm
6
45 and 46 have to be on top of 44
I did that, moved 45 and 46 on top of 44, but it is still not working, so now I don’t know what mistakes I am making.
fewi
June 21, 2010, 4:21pm
8
Post the output of “/ip firewall nat export” and “/ip firewall address-list export”.
Should be
chain=forward action=accept protocol=icmp src-address-list=Vasi
chain=forward action=accept protocol=icmp dst-address-list=Vasi
chain=forward action=drop protocol=icmp
Don’t drop the response!
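
The rule sets tried in this thread, run through a small Python model of top-to-bottom, first-match filter evaluation. This is an added example, not part of any post above. The addresses and the contents of the `Vasi` list are constructed, and the model assumes stateless matching with unmatched packets accepted.

```python
import ipaddress

# Constructed sample data: only the list name "Vasi" comes from the thread.
ADDRESS_LISTS = {"Vasi": [ipaddress.ip_network("192.168.1.10/32")]}
ADMIN, USER, REMOTE = "192.168.1.10", "192.168.1.50", "10.0.0.5"

def in_list(addr, name):
    return any(ipaddress.ip_address(addr) in net for net in ADDRESS_LISTS[name])

def matches(rule, pkt):
    if rule["chain"] != pkt["chain"] or rule["protocol"] != pkt["protocol"]:
        return False
    if "src_list" in rule and not in_list(pkt["src"], rule["src_list"]):
        return False
    if "dst_list" in rule and not in_list(pkt["dst"], rule["dst_list"]):
        return False
    return True

def evaluate(rules, pkt):
    """First matching rule decides; a packet that matches nothing is accepted."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"

def ping_works(rules, src, dst):
    """A ping succeeds only if the echo request AND the echo reply are forwarded."""
    request = {"chain": "forward", "protocol": "icmp", "src": src, "dst": dst}
    reply = {"chain": "forward", "protocol": "icmp", "src": dst, "dst": src}
    return evaluate(rules, request) == "accept" and evaluate(rules, reply) == "accept"

DROP = {"chain": "forward", "protocol": "icmp", "action": "drop"}
ACCEPT_SRC = {"chain": "forward", "protocol": "icmp", "action": "accept", "src_list": "Vasi"}
ACCEPT_DST = {"chain": "forward", "protocol": "icmp", "action": "accept", "dst_list": "Vasi"}

DROP_FIRST = [DROP, ACCEPT_SRC]             # drop listed before the accept
SRC_ONLY = [ACCEPT_SRC, DROP]               # reordered, request direction only
BOTH_WAYS = [ACCEPT_SRC, ACCEPT_DST, DROP]  # rule set from the last reply

if __name__ == "__main__":
    for name, rules in [("drop first", DROP_FIRST), ("src only", SRC_ONLY), ("both ways", BOTH_WAYS)]:
        print(name, "| admin ping:", ping_works(rules, ADMIN, REMOTE),
              "| user ping:", ping_works(rules, USER, REMOTE))
```

With `SRC_ONLY` the admin's echo request is forwarded but the echo reply, whose source is the pinged host, falls through to the drop rule.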