Q: [SOLVED] Disable ping from 1 wan interface only to 2nd ISP gateway

Hi !

I have a case with an unusually bogus ISP: its gateway can be pinged from another ISP's IP. So my failover script doesn’t work because the ping goes through no matter what.

“ping -I eth0 ip.x.x.x” does NOT work on VyOS for whatever reason; ping doesn’t accept arguments like on other distros.

How can I disable ping from VyOS itself from eth1 to the gateway of this ISP only?
The bogus ISP link is connected to eth0.

I tried an addition to the zone-based firewall, yet it didn’t work.

set zone-policy zone ZONE-WAN interface eth0
set zone-policy zone ZONE-WAN interface eth1
set zone-policy zone ZONE-DMZ interface eth2
set zone-policy zone ZONE-INT interface eth3
--------
set zone-policy zone ZONE-ROUTER-LOCAL local-zone 
set zone-policy zone ZONE-ROUTER-LOCAL default-action drop
--------
set zone-policy zone ZONE-ROUTER-LOCAL from ZONE-WAN firewall name FW-RT-2LOC-SSH

-------
set firewall name FW-RT-2LOC-SSH rule 168 action drop
set firewall name FW-RT-2LOC-SSH rule 168 protocol icmp
set firewall name FW-RT-2LOC-SSH rule 168 destination address bugus.isp.gw.ip
set firewall name FW-RT-2LOC-SSH rule 168 source address isp2.wan.ip.xx

Thanks in advance for any suggestion(s).

S*** !!!
It doesn’t work from the VyOS CLI, where I ran it first, yet it works in a bash script!
How could I miss that???
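
The thread's resolution is that the interface-bound ping works when run from a bash script. The following is an added example, not the poster's script, of a failover check built on that: each probe is forced out of one WAN interface, so a gateway that also answers through the other ISP cannot report a dead link as up. It assumes the iputils `ping` that a bash script invokes; the function names, the `PING_BIN` override and the 192.0.2.1 target are hypothetical.

```shell
#!/bin/sh
# Added example: interface-bound link health check for a dual-WAN failover script.
# PING_BIN is a hypothetical override so the logic can be exercised without a network.
PING_BIN="${PING_BIN:-ping}"

# link_up IFACE TARGET [TARGET...]
# Returns 0 if at least one target answers a probe that is bound to IFACE.
link_up() {
    iface="$1"; shift
    for target in "$@"; do
        # -I binds the probe to the interface, -c 2 sends two echo requests,
        # -W 2 waits at most two seconds for each reply.
        if "$PING_BIN" -I "$iface" -c 2 -W 2 "$target" >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

# choose_wan PRIMARY BACKUP TARGET [TARGET...]
# Prints the interface that should carry traffic; prints "none" and
# returns 1 when neither interface reaches any target.
choose_wan() {
    primary="$1"; backup="$2"; shift 2
    if link_up "$primary" "$@"; then
        echo "$primary"
    elif link_up "$backup" "$@"; then
        echo "$backup"
    else
        echo "none"
        return 1
    fi
}

# Usage inside a failover script (192.0.2.1 stands in for the ISP gateway):
#   active=$(choose_wan eth0 eth1 192.0.2.1)
```

Passing more than one target per link keeps a single unresponsive host from triggering a failover.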
