How do you block all wan pings except for ones from specific IPs?

I want to only allow ping responses from specific IP ranges, here’s what I have so far, but it’s not working.

pass in log break end proto icmp from x.x.x.x/x to addr-ppp 1 inspect-state
block in log break end proto icmp to any

Hi if you are applying this to the wan interface you might want to add this

pass out break end from addr-ppp1 to any

the other thing is to use the analyser to see what is being dropped on the interface and what is coming in as other rules could be effecting the results

regards
James