Block all but 1 IP on a port

Trevor Matthews

New Around Here
Greetings. I just bought my AC-RT68U on the weekend and upgraded it last night to Merlin hoping to address a couple of issues. One of the issues I'm having I still can't address through the web interface. I've read through a dozen posts I searched but still haven't found a silver bullet.

I'm using port forwarding to run an SSH server whose logs are being flooded with 50,000+ log-on attempts daily, mostly from China.

I want to block all INBOUND internet traffic on port 22, except from 1 or 2 known IP ranges I use.

In my research I've come to the conclusion that IPTables is what I need to do, but either my rules aren't right or something. I know too that once I get the right rule I'll have to put them in a config file in jffs land somewhere, but one thing at a time.

What I'm doing (that isn't working)

x's are IPs obviously. So first I'm inserting a rule to allow traffic from specific IPs, and then the rule to block everything else, but no luck

# Allow the listed source ranges first (the LAN range must be written as a plain network address;
# iptables rejects wildcards such as 192.168.0.*), then drop everything else on port 22.
iptables -I INPUT 2 -p tcp -s 192.168.0.0/16,xx.xxx.0.0/16,xxx.xx.0.0/16,xxx.xx.0.0/16 --dport 22 -j ACCEPT
iptables -I INPUT 6 -p tcp --dport 22 -j DROP

Any help would be appreciated. My old router let me do inbound filters in the web UI and then attach them to a virtual server, so this is getting a little more involved for me.
 
The INPUT chain is for traffic terminated on your router. For forwarded traffic, the rules must be in the FORWARD chain.
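The FORWARD-chain version of what the original poster is after, as an added example (not code from this thread or from the Asuswrt-Merlin firmware): a script for /jffs/scripts/firewall-start that lets the forwarded SSH port through only from listed source ranges and drops the rest. It assumes firewall-start passes the WAN interface name as $1 and that the router's iptables supports -C; the sample ranges are constructed placeholders.

```shell
#!/bin/sh
# Added example for /jffs/scripts/firewall-start on Asuswrt-Merlin (assumption: the
# firmware hands this script the WAN interface as $1). DRY_RUN=1 prints the commands
# instead of applying them, so the script can be checked on any machine first.

WAN_IF="${1:-eth0}"          # assumption: WAN interface supplied by firewall-start
SSH_PORT="${SSH_PORT:-22}"   # port as seen AFTER the router's DNAT, i.e. the LAN host's
                             # port (external 443 -> internal 22 still matches dport 22 here)
# Constructed sample ranges (RFC 5737 documentation space); replace with your own.
ALLOWED_SRC="${ALLOWED_SRC:-203.0.113.0/24 198.51.100.0/24}"
DRY_RUN="${DRY_RUN:-1}"

# Emit one rule specification per line for the FORWARD chain. Matching on -i $wan keeps
# the rules to traffic arriving from the internet, so LAN-side forwarding is untouched.
build_ssh_forward_rules() {
    wan="$1"; port="$2"; allowed="$3"
    # The DROP is emitted first: every spec is later inserted at position 1, so the
    # ACCEPTs emitted after it land above it and are evaluated first.
    echo "-i $wan -p tcp --dport $port -j DROP"
    for cidr in $allowed; do
        echo "-i $wan -p tcp -s $cidr --dport $port -j ACCEPT"
    done
}

# Apply each spec idempotently: firewall-start can run more than once per boot, so
# skip rules that are already present (-C, available in iptables >= 1.4.11).
apply_rules() {
    build_ssh_forward_rules "$@" | while read -r spec; do
        if [ "$DRY_RUN" = "1" ]; then
            echo "iptables -I FORWARD 1 $spec"
        else
            # word splitting of $spec into separate arguments is intended
            iptables -C FORWARD $spec 2>/dev/null || iptables -I FORWARD 1 $spec
        fi
    done
}

apply_rules "$WAN_IF" "$SSH_PORT" "$ALLOWED_SRC"
```

Verify the result with `iptables -L FORWARD -n --line-numbers`: the ACCEPT lines for your ranges must sit above the DROP, and both above the firmware's own port-forward rules.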
 
Such a small but important tip! Thanks, I shall give that a try tonight!

Port 22 is very well known for SSH and gets hammered A LOT. Why not run the SSH on port 2222 or something? Not perfect, and you'll still get some hammering, but it will be much, much less.
 
Yes, and maybe that's the way I should go even if I get the filtering working. The only problem is I've been at some work sites where only the fewest standard ports are open through their firewalls. Right now I'm forwarding it on port 443 until I get this sorted out, and I'm getting surprisingly little invalid traffic there. Thanks for the tip though!
 
