For telnet filtering you can place an ACL on the line itself. Note the ACL is created normally but the placement command is "access-class" Creating the ACL: Router(config)#access-list 2 permit Router(config)#access-list 2 deny any Placing the ACL: Router(config)#line vty 0 4 Router(config-line)#login Router(config-line)#password $#@!~ Router(config-line)#access-class 2 in
You need to use an extended or named ACL to filter icmp/ping. Note- you do not use an operator ("eq") with ICMP, and the service is "echo" not "ping". Creating the ACL: Router(config)#access-list 112 deny icmp echo Router(config)#access-list 112 permit tcp any any
Placing the ACL - note "access-group" is used for interfaces. Router(config)#int fa0/0 Router(config)#access-group 112 in
First for each IP address you need to specify "host" or wildcard mask
0.0.0.0 or some other mask to cover a group of addresses.
Secondly, yes effectively, if .4.2 and .5.2 are on different subnets and/or VLANS and are connected to different gateways/routers; and provided you also set up an ACL to filter traffic in the other direction.
I know it's technical, but it is a technical topic, did you check out the link in my other post? ACLs are at the top edge of "Basic Routing" (and used to be in "Intermediate Routing") as a level of difficulty - an understanding of IP routing will help make sense of it all.
However, preventing ping between 2 workstations on the same subnet/VLAN would require some host Operating System TCP/IP fiddling.