Allow pings from a single IP

RandInetUser

New Around Here
Hello,

If ICMP (pings, etc.) is blocked in the firewall, is it possible to whitelist a single IP?

...using SSH or Telnet; the web interface only allows enabling all or none.

Thank you
 
You can use the following command but I don't know how to make it survive a reboot using stock firmware.
Code:
iptables -I INPUT -s 11.22.33.44 -p icmp -j ACCEPT
 
*** OK forget this. I think the USB drive would be mounted before the WAN interface came up, so the changes to the firewall will be wiped out. ***


Looking at this post it might be possible if you normally have a USB drive plugged into the router.

I'm guessing you would for example create a script called /jffs/usbmount.sh containing this:
Code:
#!/bin/sh
iptables -I INPUT -s 11.22.33.44 -p icmp -j ACCEPT
And then trigger it at boot by setting these:
Code:
chmod 755 /jffs/usbmount.sh

nvram set usb_automount="1"
nvram set script_usbmount="/jffs/usbmount.sh"
nvram commit

Applying any WAN related changes through the GUI is likely to remove the iptables entry until the router is next rebooted.
 
Assuming you *can* get the script started, what's to stop you from running the script in a loop, and as a background job, continually checking if the firewall rule is still there, and if not, reapplying it?

Code:
#!/bin/sh
(
while sleep 60; do
  : # placeholder for <some work>
done
) &
 
Yes that could work. You could even be really lazy and not bother checking for the existing rule. :D
Code:
iptables -D INPUT -s 11.22.33.44 -p icmp -j ACCEPT 2> /dev/null
iptables -I INPUT -s 11.22.33.44 -p icmp -j ACCEPT
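
The background loop and the delete-then-insert idea from the replies above, combined into one script as an added example (not posted by anyone in the thread). `ALLOW_IP`, `IPTABLES`, `INTERVAL` and the `watch` argument are assumed names, and the script falls back to the thread's delete-then-insert pair when the iptables build has no `-C` option.

```shell
#!/bin/sh
# Added example, not from the thread. ALLOW_IP, IPTABLES and INTERVAL are
# assumed names; 11.22.33.44 is the thread's placeholder address.
ALLOW_IP="${ALLOW_IP:-11.22.33.44}"
IPTABLES="${IPTABLES:-iptables}"
INTERVAL="${INTERVAL:-60}"

# Accept only a dotted-quad IPv4 address, so a typo or stray text never reaches iptables.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Make sure the ICMP allow rule for one source address is present in INPUT.
# Returns 0 when the rule is in place, 2 when the address is rejected.
ensure_icmp_rule() {
    valid_ipv4 "$1" || return 2
    # -C checks for an existing rule; when it succeeds there is nothing to do.
    "$IPTABLES" -C INPUT -s "$1" -p icmp -j ACCEPT 2>/dev/null && return 0
    # Rule missing, or this iptables build has no -C: fall back to the
    # delete-then-insert pair from the thread so only one copy ever exists.
    "$IPTABLES" -D INPUT -s "$1" -p icmp -j ACCEPT 2>/dev/null || true
    "$IPTABLES" -I INPUT -s "$1" -p icmp -j ACCEPT
}

# Background loop as suggested in the thread; started only with the "watch" argument.
if [ "${1:-}" = "watch" ]; then
    (
        ensure_icmp_rule "$ALLOW_IP"
        while sleep "$INTERVAL"; do
            ensure_icmp_rule "$ALLOW_IP"
        done
    ) &
fi
```

As in the thread's rule, `-p icmp` accepts every ICMP type from that address; adding `--icmp-type echo-request` narrows it to pings only.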
 