Allow pings from a single IP


RandInetUser

New Around Here
Hello,

If ICMP (pings, etc.) is blocked in the firewall, is it possible to whitelist a single IP?

...using SSH or Telnet; the web interface only allows enabling all or none.

Thank you
 

ColinTaylor

Part of the Furniture
You can use the following command but I don't know how to make it survive a reboot using stock firmware.
Code:
iptables -I INPUT -s 11.22.33.44 -p icmp -j ACCEPT
 

ColinTaylor

Part of the Furniture
*** OK forget this. I think the USB drive would be mounted before the WAN interface came up, so the changes to the firewall will be wiped out. ***


Looking at this post it might be possible if you normally have a USB drive plugged into the router.

I'm guessing you would for example create a script called /jffs/usbmount.sh containing this:
Code:
#!/bin/sh
iptables -I INPUT -s 11.22.33.44 -p icmp -j ACCEPT
And then trigger it at boot by setting these:
Code:
chmod 755 /jffs/usbmount.sh

nvram set usb_automount="1"
nvram set script_usbmount="/jffs/usbmount.sh"
nvram commit
Applying any WAN related changes through the GUI is likely to remove the iptables entry until the router is next rebooted.
 

eibgrad

Very Senior Member
Assuming you *can* get the script started, what's to stop you from running the script in a loop, and as a background job, continually checking if the firewall rule is still there, and if not, reapplying it?

Code:
#!/bin/sh
(
while sleep 60; do
  :  # placeholder for <some work>
done
) &
 

ColinTaylor

Part of the Furniture
Assuming you *can* get the script started, what's to stop you from running the script in a loop, and as a background job, continually checking if the firewall rule is still there, and if not, reapplying it?
Yes that could work. You could even be really lazy and not bother checking for the existing rule. :D
Code:
iptables -D INPUT -s 11.22.33.44 -p icmp -j ACCEPT 2> /dev/null
iptables -I INPUT -s 11.22.33.44 -p icmp -j ACCEPT
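
The background loop and the delete-then-insert idea from the posts above, combined into one script. This is an added example, not part of any poster's message. The names ensure_rule and watch_rule, the "watch" argument and the SRC/INTERVAL variables are assumptions; `iptables -C` needs iptables 1.4.11 or newer, and the fallback covers builds without it.

```shell
#!/bin/sh
# Added example (not from the thread): keep exactly one ICMP allow rule for
# a single source in INPUT, re-adding it if a firewall restart wipes it.
SRC="${SRC:-11.22.33.44}"        # address used in the thread
INTERVAL="${INTERVAL:-60}"       # seconds between checks, as in the loop above

# Hypothetical helper: leave INPUT with one copy of the rule.
ensure_rule() {
    # -C (check) exists in iptables 1.4.11+; non-zero means "rule absent"
    # or "option unsupported", and both cases fall through to the reapply.
    if iptables -C INPUT -s "$SRC" -p icmp -j ACCEPT 2>/dev/null; then
        return 0
    fi
    # Delete every existing copy first so repeated runs never stack
    # duplicates, then insert a single rule at the top of the chain.
    while iptables -D INPUT -s "$SRC" -p icmp -j ACCEPT 2>/dev/null; do
        :
    done
    iptables -I INPUT -s "$SRC" -p icmp -j ACCEPT
}

# Hypothetical helper: re-check forever; meant to run as a background job.
watch_rule() {
    while sleep "$INTERVAL"; do
        ensure_rule
    done
}

# Only start the watchdog when called as: script.sh watch
if [ "${1:-}" = "watch" ]; then
    ensure_rule
    watch_rule &
fi
```

The rule is inserted at the top of INPUT, so it takes effect ahead of any later rule that drops ICMP.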
 
