How to enable Ping from a specific IP address/subnet range for RHEL/Linux

sysadmin
rhel7
centos7
iptables
firewall

#1

Can someone let me know the exact rule (command) that will only allow incoming ping (ICMP) requests from the IP range 10.140.0.0/16 and block all others?


#2

Try something as follows (assuming that the default DROP policy is enabled):

SERVER_IP="202.54.10.20" # <--- your server ip here
SUBNET="10.140.0.0/16"
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -s $SUBNET -d $SERVER_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp --icmp-type 0 -s $SERVER_IP -d $SUBNET -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p ICMP --icmp-type 8 -j DROP

Another short rule:

iptables -A INPUT -s 10.140.0.0/16 -p ICMP --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP --icmp-type 8 -j DROP

For more info see:

  1. Linux Iptables allow or block ICMP ping request
  2. Linux disable or drop / block ping packets all together
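
An idempotent form of the shorter two-rule variant from post #2, as an added example that is not part of the original thread. The `IPT` override and the function names are assumptions of this example; it inserts the ACCEPT at the top of INPUT so it always sits above the catch-all DROP, and uses `iptables -C` to skip rules that already exist.

```shell
#!/bin/sh
# Added example (not from the thread). IPT may be overridden for a dry run.
IPT="${IPT:-/sbin/iptables}"

# Accept only a.b.c.d/nn with octets 0-255 and a prefix of 0-32,
# so a typo never reaches iptables.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    ip=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# True when an identical rule is already in the INPUT chain.
rule_exists() {
    $IPT -C INPUT "$@" 2>/dev/null
}

# Allow echo-request (ICMP type 8) from one subnet and drop it from everyone else.
allow_ping_from() {
    subnet=$1
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 2; }

    # Rules are matched top-down: the ACCEPT goes to position 1 so it is
    # evaluated before the catch-all DROP, even if that DROP already exists.
    rule_exists -s "$subnet" -p icmp --icmp-type 8 -j ACCEPT ||
        $IPT -I INPUT 1 -s "$subnet" -p icmp --icmp-type 8 -j ACCEPT || return 1

    # The catch-all DROP is appended once, at the end of the chain.
    rule_exists -p icmp --icmp-type 8 -j DROP ||
        $IPT -A INPUT -p icmp --icmp-type 8 -j DROP
}

# Run as root: ./allow-ping.sh 10.140.0.0/16
if [ "$#" -gt 0 ]; then
    allow_ping_from "$1"
fi
```

Rules added this way are lost on reboot unless they are saved, and `iptables -L INPUT -n --line-numbers` shows the resulting order.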