Packet filter only using first rule


pod
11-06-2008, 10:45 AM
I need to block ping to some, but not all ip addresses.
I have added a rule to the packet filter to drop icmp for one ip address and it works fine.
I added several other rules the same way, and just changed the destination ip address, but only the first rule in the list is used.
I have tested this by changing the order of the rules - it's always just the first rule which is used.

The rule itself is ok, as one of them works. All the rules are ticked as 'on'.

Sounds very much like this topic, which doesn't appear to have been resolved.

http://forums.untangle.com/showthread.php?t=5351

This is Untangle 5.3 in bridge mode.

sky-knight
11-06-2008, 10:51 AM
Slightly different, in your case you have to use the packet filter as it is the one that controls ICMP.

Now, the packet filter, unlike the firewall, CAN accept ranges and lists. So use your single rule, but in the destination IP field separate IPs with a ", "

pod
11-06-2008, 10:59 AM
Thanks, I'll try that.

However I still don't understand why only one rule is used.
I've used 'iptables -L -t mangle' and in the firewall-rules chain there is only one of my rules listed.
This would appear to be a problem with the user interface not adding the other rules for some reason.

Edit:
Ok, I've added the other addresses in with a comma in between (with and without spaces).
Even then, it's only the first IP that is added to a rule. Rearranging the order of addresses within that same line still only works for the first one.

sky-knight
11-06-2008, 11:08 AM
Well I wish I could help more but my Untangle refuses to block ICMP for some reason. I'll have to fight this thing when I get back from my service calls for today.

pod
11-07-2008, 03:55 AM
Ok, several more questions today. :)

The version of iptables installed is 1.3.6, which dates back to September 2006. Can I install the latest packages without breaking anything else?

I've looked at /var/log/untangle-net-alpaca/iptables.log and it's trying to create the new rules, but failing with the message:
iptables: Too many levels of symbolic links

I believe this may be fixed in a later version of iptables and actually should read:
iptables: Loop found in table
(see http://lists.netfilter.org/pipermail/netfilter-devel/2007-August/029037.html)

I have no idea what the loop would be. The command itself is:
/sbin/iptables -t mangle -A firewall-rules -p icmp --destination my.ip.address -m mark --mark 2/2 --source my.other.ip.address -g alpaca-pf-drop

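Added example, not from the thread and not Untangle's own code: a small Python diagnostic for the two problems pod describes. find_chain_loops() parses an iptables-save style dump and reports any cycle through user-defined chains reached via -j/-g, which is the condition the kernel rejects with ELOOP (iptables 1.3.x prints the generic strerror "Too many levels of symbolic links"; later versions translate it to "Loop found in table", as the netfilter-devel post linked above discusses). expand_destinations() turns a comma-separated destination field into one iptables command per address, since --destination in that iptables version takes a single address or CIDR. The dump, the 192.0.2.x / 198.51.100.x addresses and the back-jump from alpaca-pf-drop to firewall-rules are constructed for the example, not taken from the poster's system.

```python
"""Diagnose a netfilter chain loop from an iptables-save dump, and expand a
comma-separated destination field into one rule per address.

Added example; the dump below is CONSTRUCTED to contain a loop
(firewall-rules -> alpaca-pf-drop -> firewall-rules).  Addresses are
documentation ranges, not anyone's real network.
"""
import re
from collections import defaultdict

# Constructed dump in iptables-save syntax: the last rule closes the loop.
SAMPLE_DUMP = """\
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:firewall-rules - [0:0]
:alpaca-pf-drop - [0:0]
-A PREROUTING -j firewall-rules
-A firewall-rules -p icmp -d 192.0.2.10 -m mark --mark 0x2/0x2 -g alpaca-pf-drop
-A alpaca-pf-drop -j LOG --log-prefix "pf-drop "
-A alpaca-pf-drop -j firewall-rules
COMMIT
"""

RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*)$")       # -A <chain> <matches and target>
TARGET_RE = re.compile(r"\s-(?:j|g)\s+(\S+)")      # the -j/-g target, if any


def parse_chain_graph(dump):
    """Return (user_chains, edges) for one table of an iptables-save dump.

    user_chains: names declared with ':name -' (no policy, so user-defined).
    edges: chain -> set of targets named by -j or -g in that chain's rules.
    """
    user_chains = set()
    edges = defaultdict(set)
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            if policy == "-":            # built-in chains carry a real policy
                user_chains.add(name)
            continue
        m = RULE_RE.match(line)
        if m:
            chain, rest = m.groups()
            t = TARGET_RE.search(" " + rest)
            if t:
                edges[chain].add(t.group(1))
    return user_chains, edges


def _canonical(cycle):
    """Rotate a cycle so it starts at its smallest chain name (dedupe helper)."""
    i = cycle.index(min(cycle))
    return tuple(cycle[i:] + cycle[:i])


def find_chain_loops(dump):
    """Return the loops among user chains as sorted tuples of chain names.

    An empty list means no user chain can reach itself through -j/-g,
    which is the check the kernel applies before accepting the table.
    """
    user_chains, edges = parse_chain_graph(dump)
    loops = set()

    def visit(chain, path):
        for target in sorted(edges.get(chain, ())):
            if target not in user_chains:     # ACCEPT/DROP/LOG/... end the walk
                continue
            if target in path:                # back edge: a loop through user chains
                loops.add(_canonical(path[path.index(target):]))
                continue
            visit(target, path + [target])

    for start in sorted(user_chains):
        visit(start, [start])
    return sorted(loops)


def expand_destinations(field, src="198.51.100.7", table="mangle",
                        chain="firewall-rules", target="alpaca-pf-drop"):
    """One iptables command per destination in a comma-separated field.

    iptables 1.3.x --destination takes a single address or CIDR, so a list
    in one UI field has to become several rules.  Returns the commands as
    strings rather than running them (no root, no netfilter needed here).
    """
    cmds = []
    for dst in (d.strip() for d in field.split(",")):
        if not dst:                           # tolerate trailing commas/spaces
            continue
        cmds.append(f"iptables -t {table} -A {chain} -p icmp -s {src} "
                    f"-d {dst} -m mark --mark 2/2 -g {target}")
    return cmds


if __name__ == "__main__":
    for loop in find_chain_loops(SAMPLE_DUMP):
        print("loop:", " -> ".join(loop + (loop[0],)))
    for cmd in expand_destinations("192.0.2.10, 192.0.2.11,192.0.2.12"):
        print(cmd)
```

To use it against a real box, feed the output of `iptables-save -t mangle` to find_chain_loops(); if it reports a loop, the rule the Alpaca log shows failing is simply the one that happened to be appended last, so look at what the target chain (here alpaca-pf-drop) jumps back to rather than at the rejected rule itself.
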
nick_khor
11-20-2008, 06:08 AM
Hi guys,
I'm using Untangle 5.4.2 and still having a problem with this issue.
Any solution on this? :confused::worship: