[Solved] Firewall ipset rules help

OK, I want to allow ping only from selected ipset IPs.
Can someone help me with that?
I tried the following, but it didn't work:

config rule
	option name 'NIXStats--Allow-Ping'
	option src 'wan'
	option ipset 'nixstats'
	option proto 'icmp'
	option family 'ipv4'
	option icmp_type 'echo-request'
	option limit '500/sec'
	option target 'ACCEPT'

And in custom firewall rules:

iptables -A INPUT -m set --match-set nixstats -p icmp --icmp-type 8 -j ACCEPT

I have placed my ruleset in LuCI:

config rule
        option target 'ACCEPT'
        option name 'Ping-from-IPSET'
        option family 'ipv4'
        option proto 'icmp'
        list icmp_type 'echo-request'
        option dest 'lan'
        option extra '-m set --match-set ipsetno1 src'
        option src 'wan'

The equivalent command line rule was:

iptables -A INPUT -m set --match-set ipsetno1 src -p icmp --icmp-type 8 -j ACCEPT

I think you were missing SRC.

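An added example, not part of any post in this thread: a small shell lint that flags `--match-set` uses with no `src`/`dst` direction flag after the set name, which is the difference between the two custom rules above. The function names `sample_rules` and `lint_match_set` and the embedded sample input are constructed for illustration; the script only reads text and never calls iptables.

```shell
#!/bin/sh
# Constructed sample input: the two custom rules quoted in the thread,
# plus the UCI "option extra" line from the working LuCI rule.
sample_rules() {
cat <<'EOF'
iptables -A INPUT -m set --match-set nixstats -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m set --match-set ipsetno1 src -p icmp --icmp-type 8 -j ACCEPT
        option extra '-m set --match-set ipsetno1 src'
EOF
}

# Read rule text on stdin and print "LINE:SETNAME" for every --match-set
# whose set name is not followed by a direction flag list such as
# "src", "dst" or "src,dst".
lint_match_set() {
    awk -v q="'" '
    {
        gsub(q, " ")                      # drop UCI single quotes
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] != "--match-set") continue
            name  = tok[i + 1]
            flags = tok[i + 2]
            if (name == "" || flags !~ /^(src|dst)(,(src|dst))*$/)
                print NR ":" name
        }
    }'
}

# Stand-alone run over the constructed sample.
sample_rules | lint_match_set
```

Running it over a copy of the custom rules file before reloading the firewall catches the missing direction flag without touching the live ruleset.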

Thanks. It works!


If your problem is solved, please consider marking the topic as [Solved] (Click the pencil behind the topic...).