OpenWrt Forum Archive

Topic: How do I drop ICMP to WAN interface using iptables?

The content of this topic has been archived on 15 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
reison
3 Jan 2006, 22:59

My goal is to drop ICMP to my public IP address [WAN interface], but being an iptables n00b,I'm having trouble figuring out how to do it and am looking for some advice/help.

From the googling I've done, it seems that I should be able to put

iptables -A INPUT -i eth0 -p icmp -j DROP

in /etc/init.d/S45firewall, reboot and have it do exactly that, but it doesn't seem to work for me.

Should I add that code to /etc/firewall.user instead? Is my syntax all wrong? Do I need to do something more/different that rebooting to have the changes to /etc/init.d/S45firewall take effect?

Thanks in advance...

Post #2
olli
3 Jan 2006, 23:05

Edit /etc/firewall.user and include this line:

iptables -A input_rule -i $WAN -p icmp -j DROP

than rerun /etc/firewall.user

Basic iptables rules. Search on Google for a iptables tutorial.

reison wrote:

Should I add that code to /etc/firewall.user instead? Is my syntax all wrong? Do I need to do something more/different that rebooting to have the changes to /etc/init.d/S45firewall take effect?

Pleae see the OpenWrt FAQ.

(Last edited by olli on 3 Jan 2006, 23:08)

Post #3
florian_
3 Jan 2006, 23:06

You are using the right syntax, but replace eth0 by $WAN and it will work.

Post #4
reison
4 Jan 2006, 02:14

Thank you, olli and RItalMan--worked just as you said!

The discussion might have continued from here.