Topic: no ports showing as open after update
« on: April 23, 2014, 18:23:35 »
tooter *
Posts: 18

Hi, I recently updated my monowall and now it seems my firewall is showing all first 1056 ports as in stealth and failing the ping test, using the ShieldsUP site https://www.grc.com/x/ne.dll?rh1dkyd2, even if I block ICMP on the WAN interface. Any input would be appreciated, thanks.
« Reply #1 on: April 23, 2014, 21:17:30 »
Fred Grayson *****
Posts: 994

ICMP is blocked on the WAN interface by default. You have a rule allowing it somewhere and it is accepting the packets before a rule that you added to block it.

--
Google is your friend and Bob's your uncle.
« Reply #2 on: April 24, 2014, 14:06:35 »
tooter *
Posts: 18

Hi, thanks for that. I'm totally confused by this. I've had to add a block rule to stop pings (placed at the top of the list), but any allow rules after that don't seem to have any effect. It's probably me not understanding it properly, but it all worked before I updated to 1.8.1. I just don't understand, please help.
« Reply #3 on: April 24, 2014, 15:09:12 »
Fred Grayson *****
Posts: 994

Please post all your Firewall Rules for all interfaces. Please make sure it's readable.

--
Google is your friend and Bob's your uncle.
« Reply #4 on: April 24, 2014, 23:43:18 »
Lee Sharp *****
Posts: 517

Also, how is your Internet delivered?  If you say Uverse, things get ugly...  Those 2Wire modems do not actually give you a real IP, but do a NAT to a real IP shared with the 2Wire...  It could be you are pinging your gateway, not your router.
« Reply #5 on: April 25, 2014, 10:03:20 »
tooter *
Posts: 18

> Also, how is your Internet delivered?  If you say Uverse, things get ugly...  Those 2Wire modems do not actually give you a real IP, but do a NAT to a real IP shared with the 2Wire...  It could be you are pinging your gateway, not your router.

Hi, it's delivered via FTTC, then to a BT modem, and straight to my monowall box.
« Reply #6 on: April 25, 2014, 10:15:24 »
tooter *
Posts: 18

Hi, hope this helps, thanks.


* lan.png (89.03 KB, 1920x1041 - viewed 175 times.)

* pptp.png (84.57 KB, 1920x1041 - viewed 170 times.)

* wan (2).png (117.67 KB, 1920x1041 - viewed 168 times.)

* wless.png (89.13 KB, 1920x1041 - viewed 167 times.)
« Last Edit: April 25, 2014, 19:31:44 by tooter »
« Reply #7 on: April 25, 2014, 15:50:10 »
Fred Grayson *****
Posts: 994


> Hi, it's delivered via FTTC, then to a BT modem, and straight to my monowall box.

The point of the question was where is your public IP address - on your monowall or on your BT modem?

Look in Status | Interfaces. In WAN interface | IPv4 address. Is this a public IP address?

--
Google is your friend and Bob's your uncle.
« Reply #8 on: April 25, 2014, 18:39:23 »
tooter *
Posts: 18


>> Hi, it's delivered via FTTC, then to a BT modem, and straight to my monowall box.

> The point of the question was where is your public IP address - on your monowall or on your BT modem?

> Look in Status | Interfaces. In WAN interface | IPv4 address. Is this a public IP address?

Sorry, I misunderstood the original question. Yes, it is a public address, as in not in my private address range.
« Last Edit: April 25, 2014, 18:53:11 by tooter »
« Reply #9 on: April 25, 2014, 18:57:34 »
Fred Grayson *****
Posts: 994

Your public IP address on your WAN interface is not pingable according to the rules you have in place. Either I am reading the rules wrong or I don't know what other reason would allow those pings.

--
Google is your friend and Bob's your uncle.
« Reply #10 on: April 25, 2014, 19:15:36 »
tooter *
Posts: 18

Sorry, I've not been clear. I've had to place that rule to deny pings, which it does. But from what I read, monowall should block it automatically unless a rule is placed to allow pings. Also, none of the other rules seem to be allowing or opening ports. I'm a bit lost, tbh.
« Reply #11 on: April 25, 2014, 19:52:16 »
Fred Grayson *****
Posts: 994

In the default install m0n0wall denies all unsolicited incoming traffic unless specifically allowed by rules, or it is in response to outgoing traffic.

A rule to deny pings is not required.

You might want to reset your m0n0wall to factory default and start over from scratch.

Never add any firewall rules unless you know what they do.

--
Google is your friend and Bob's your uncle.
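
The behaviour described in the replies above (default deny on WAN, the first matching rule decides, replies to outgoing traffic are let through), as an added example that is not part of the original thread and is not m0n0wall's own code. The `WanFilter` model, its rule fields and the documentation-range addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str      # "icmp", "tcp" or "udp"
    src: str
    dst: str
    dport: int = 0  # unused for ICMP

@dataclass(frozen=True)
class Rule:
    action: str     # "pass" or "block"
    proto: str      # protocol name, or "any"
    dport: int = 0  # 0 matches any destination port

    def matches(self, pkt):
        return self.proto in ("any", pkt.proto) and self.dport in (0, pkt.dport)

class WanFilter:
    """Simplified model (assumption): state table, then first match, then default deny."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()  # flows opened by traffic leaving through WAN

    def outbound(self, pkt):
        # Remember the flow so the peer's answer counts as solicited.
        self.states.add((pkt.proto, pkt.dst, pkt.src))

    def inbound(self, pkt):
        if (pkt.proto, pkt.src, pkt.dst) in self.states:
            return "pass (reply to outgoing traffic)"
        for number, rule in enumerate(self.rules, 1):
            if rule.matches(pkt):  # first matching rule decides
                return f"{rule.action} (rule {number})"
        return "block (default deny)"

# Constructed sample addresses from the RFC 5737 documentation ranges.
WAN_IP, PROBE, SERVER = "203.0.113.10", "198.51.100.7", "192.0.2.80"

def demo():
    ping = Packet("icmp", PROBE, WAN_IP)
    https = Packet("tcp", PROBE, WAN_IP, 443)
    out = {}
    # No rules at all: an unsolicited ping is already dropped.
    out["no_rules"] = WanFilter([]).inbound(ping)
    # An allow rule above a block rule accepts the packet first.
    out["allow_first"] = WanFilter([Rule("pass", "icmp"), Rule("block", "icmp")]).inbound(ping)
    # A narrow ICMP block on top does not shadow an unrelated pass rule.
    out["narrow_block"] = WanFilter([Rule("block", "icmp"), Rule("pass", "tcp", 443)]).inbound(https)
    # Traffic that answers an outgoing flow passes without any rule.
    fw = WanFilter([])
    fw.outbound(Packet("icmp", WAN_IP, SERVER))
    out["reply"] = fw.inbound(Packet("icmp", SERVER, WAN_IP))
    return out
```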
« Reply #12 on: April 26, 2014, 12:21:48 »
tooter *
Posts: 18

Hi, thanks for the reply. Is there a way just to reset the firewall back to default settings without deleting the other settings? It took a long time for me to set it up to this point (as I'm a noob to monowall); wish I hadn't messed about with updating it now.
What else could affect the firewall? Thanks.
« Reply #13 on: April 26, 2014, 15:54:11 »
Fred Grayson *****
Posts: 994

Resetting it back to defaults takes it all the way back to the same point as if it was a new install. Any changes you have made will be lost.

--
Google is your friend and Bob's your uncle.
« Reply #14 on: May 01, 2014, 14:46:33 »
tooter *
Posts: 18

Hi, now I'm really confused. Today I reset monowall back to factory settings and re-entered all my settings from scratch, and still my firewall seems to block everything. I've tried opening ports manually and I've used NAT to forward, but everything remains closed. I'm testing with ShieldsUP and the You Get Signal port open tool. Can anyone help, or is it time for a complete reinstall? Thanks for looking.