Specific Firewall (ICMP) IP Range question

In a month or so, I will need to increase the amount of ICMP (For Pinging) Router firewall "ALLOW" Rules from 1 (Which is working fine now) to 6....
3 of the IPs are scattered in the 149 IP area, the other 3 are scattered across the 72 IP area....

My Question:
In the Router Firewall ICMP rules, can I mix and match 149 & 72 IPs separated by commas, or just group the 149's in one rule and the 72's in a second rule, or.... should I just make 6 individual IP rules?

Thanks for your reply....
 
AFAIK the SRM firewall only permits source and destinations to be:
  • Single IP address
  • Single IP subnet
  • An IP address range, defined by specifying the first and last IP addresses
What you're asking for is called, in other firewalls, a group. There is no facility I've found to define a group nor use the Create rule's Specific IP window to add a bunch of unconnected IPs. Is it a tedious omission in the GUI or not supported in iptables?
 
Was looking at my Router Firewall Rules.....

Regarding the DENY ALL OTHERS Rule I put at end of Rule's List.... That Denies All other TCP/UDP requests not satisfied with other rules.....

Got me to thinking.... ICMP is not Listed as an option in DENY ALL OTHERS.... Rule.... Only TCP/UDP

Does this mean I should really add still another DENY ALL OTHERS Rule covering ICMP, if I want to see the HITS it generates?

Thanks....
 
A few hours later, I revisited... Yes, I AM getting about 50 HITS on the new DENY ALL ICMP Rule...

So Yes, it appears to be worthwhile...

OOPS!

But this prevents me from pinging any IP not previously 'allowed' above it, in firewall rules.... Ping won't get past Router..

Removing the DENY ALL ICMP Rule lets pings to any IP addresses not specifically 'allowed' in firewall rules out: past the router--once again....

So, contrary to what I thought...... ICMP is NOT Blocked in the 4 rules at bottom of the Router page!!!!

My mind wanders: (add 2 rules: one to allow ICMP on computers on the LAN (range of IPs), followed by Deny ALL ICMP (to deny all others))??
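
An added example, not part of the thread's posts and not SRM's own code: a simplified Python model of first-match rule evaluation, using the three selector forms listed above (single IP, subnet, first-last range), to check the proposed order of six single-IP allows, a LAN-range allow, then a deny-all ICMP rule. The addresses are constructed documentation-range values, the LAN range is an assumption, the default-allow for unmatched ICMP mirrors what the last post observed, and return traffic for an allowed ping is not modelled.

```python
import ipaddress

def matches(selector, ip):
    """True if ip falls in selector: 'any', a single IP, a CIDR subnet,
    or a 'first-last' range (the three forms listed in the thread)."""
    if selector == "any":
        return True
    addr = ipaddress.ip_address(ip)
    if "-" in selector:
        first, last = (ipaddress.ip_address(p.strip()) for p in selector.split("-"))
        return first <= addr <= last
    return addr in ipaddress.ip_network(selector, strict=False)

def evaluate(rules, proto, src, dst, default="allow"):
    """Walk the list top to bottom; the first matching rule decides.
    default is an assumption: what happens when no rule matches."""
    for name, r_proto, r_src, r_dst, action in rules:
        if r_proto == proto and matches(r_src, src) and matches(r_dst, dst):
            return action, name
    return default, "no rule matched"

# Constructed sample data: six scattered external hosts allowed to ping in.
ALLOWED_PINGERS = ["198.51.100.7", "198.51.100.90", "198.51.100.201",
                   "203.0.113.4", "203.0.113.66", "203.0.113.180"]
LAN = "192.168.1.2-192.168.1.254"  # assumed LAN range

def build_rules(lan_allow=True, icmp_deny=True):
    """Rule list in the order discussed: one rule per scattered IP,
    optional LAN allow, optional deny-all ICMP, then deny-all TCP/UDP."""
    rules = [(f"allow ping from {ip}", "icmp", ip, "any", "allow")
             for ip in ALLOWED_PINGERS]
    if lan_allow:
        rules.append(("allow LAN ping out", "icmp", LAN, "any", "allow"))
    if icmp_deny:
        rules.append(("deny all ICMP", "icmp", "any", "any", "deny"))
    rules.append(("deny all others", "tcp/udp", "any", "any", "deny"))
    return rules

if __name__ == "__main__":
    cases = [("203.0.113.66", "192.168.1.1"),   # listed external host
             ("203.0.113.67", "192.168.1.1"),   # unlisted external host
             ("192.168.1.20", "192.0.2.10")]    # LAN host pinging out
    for lan_allow in (False, True):
        print(f"LAN allow rule present: {lan_allow}")
        for src, dst in cases:
            print(f"  {src} -> {dst}:", evaluate(build_rules(lan_allow), "icmp", src, dst))
```
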
 
