router replying to WAN ping even with respond ICMP setting disabled

Hi All,
I have a RT-AC88U router, which connects to 3 other (1xAC88U and 2xAC68U) mesh nodes. All have merlin (384.19) firmware flashed. Pihole/DHCP and recursive DNS (unbound) running on another machine on network.

The issue is I have disabled Respond to ICMP Echo request from WAN on the router, but running a test on ShieldsUp website; informs me my system has replied to ping. Even with Skynet enabled or disabled, I get the same result. I am new to iptables, (have already locked myself out of the router a few times and had to remake the whole mesh network) and have attached the output file as well. The iptable entries are defaults haved changed them this time. Any help to resolve this issue would be appreciated.


Does your RT-AC88U have a public IP address? Maybe it is NATed behind another router.


No, it was a bit of a long shot. If your router didn't have a public IP address (e.g. it was 100.64.x.y) the ping replies would have made sense.

I suppose it's still possible that it's a false positive being generated by your ISP's equipment, but that seems unlikely.

What kind of connection to the internet do you have, cable modem? Are you using a VPN client on the router?

Have you rebooted the router since changing that option in the GUI?


I'm out of ideas. The iptables output you provided shows there are no matches to the DROP rule in the INPUT_PING chain. But maybe that was becuase you hadn't done the ShieldsUp test since resetting the counters.


Note that if you test over IPv6, your router will always respond to ICMP ECHO requests because that is mandated by the RFCs.

