;;; Accept ICMP From Singapore
chain=forward action=accept protocol=icmp src-address-list=SG log=no log-prefix=“”
;;; Block ICMP Out Of Singapore
chain=forward action=drop protocol=icmp log=no log-prefix=“”
With above rule i can block anybody out of Singapore to ping my network but allow anybody from Singapore to ping, but with that rule also effected to my network and my network cant ping any ip out of my network, so how can i allow all my ip on my network able to ping to any ip ?
I guess is the WAN connection the one you want to restrict, if so, you can simplify it to a single rule, removing your current accept one, and leaving the drop one by adding in-interface=yourwaninterface to it:
/ip firewall filter
add chain=input action=drop protocol=icmp protocol=icmp in-interface=yourwaninterface src-address-list=!SG \
log=no comment="Block ICMP Out Of Singapore"
i.e.: Drop all ping from internet, but from those in SG address-list.
The first thing you NEED to understand is that ICMP is NOT the same as PING!
By blocking ICMP you will probably seriously break your network. You need to know how ICMP works and maybe block only PING, not entire ICMP.
If you want to block incoming ICMP to your MikroTik, than it’s a INPUT chain.
Forward chain will block your local servers and desktops from using ICMP.