[Solved] Firewall ipset rules help

Installing and Using OpenWrt Network and Wireless Configuration
#1

ok i want to allow ping only from selected ipset ips
can someone help me with what
i tried the following but didn't work

config rule
	option name 'NIXStats--Allow-Ping'
	option src 'wan'
	option ipset 'nixstats'
	option proto 'icmp'
	option family 'ipv4'
	option icmp_type 'echo-request'
	option limit '500/sec'
	option target 'ACCEPT'

and in custom firewall rules

iptables -A INPUT -m set --match-set nixstats -p icmp --icmp-type 8 -j ACCEPT
#2

I have placeed my ruleset in LuCI:

config rule                                     
        option target 'ACCEPT'                      
        option name 'Ping-from-IPSET'                              
        option family 'ipv4'                    
        option proto 'icmp'                              
        list icmp_type 'echo-request'                                        
        option dest 'lan'                   
        option extra '-m set --match-set ipsetno1 src'                     
        option src 'wan'

The equivalent command line rule was:

iptables -A INPUT -m set --match-set ipsetno1 src -p icmp --icmp-type 8 -j ACCEPT

I think you were missing SRC.

1 Like
How to setup a firewall "white-list" and how to use ip-set on LEDE?
#3

Thanks. It works!

1 Like
#4

If your problem is solved, please consider marking the topic as [Solved] (Click the pencil behind the topic...).