
How do I block a range of IP addresses


Put this in /jffs/scripts/firewall-start and chmod a+rx /jffs/scripts/firewall-start
And like any Linux script, it needs to start with a shebang: #!/bin/sh

Then you need this rule:
The INPUT rule is for the router itself. You may need to use the FORWARD rule.

Use the rule that suits your setup.




31.223.208.0/20 fits ALL these IP numbers.
Start IP: 31.223.208.0
End IP: 31.223.223.255
I think it works if I insert just a single IP like this:

iptables -I FORWARD -s 31.223.212.19 -p tcp --dport 16740 -j DROP
iptables -I INPUT -s 31.223.212.19 -p tcp --dport 16740 -j DROP

With this 31.223.208.0/20 it is not working... I do not know why?
 
Try again, and after you have inserted the firewall rule do a: service restart_firewall from a command line, e.g. WinSCP; maybe it is needed.
 
I did, but nothing better... maybe it is not possible?

@RMerlin, please add these settings to block IPs and IP ranges from the firewall settings inside the router's web GUI...
 
Merlin firmware 378.55 is not compatible with blocking incoming IP addresses... I was a little disappointed...
 
I'm sure it's working; then you have done something wrong.
 
Do you still have the rule in the FORWARD chain? Can you give the output of: iptables -vnL FORWARD
 
Code:
ASUSWRT-Merlin RT-AC68U_3.0.0.4 Fri Jul 17 03:17:04 UTC 2015
admin@RT-AC68U-6D38:/tmp/home/root# iptables -vnL FORWARD
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  *      *       188.196.192.211      0.0.0.0/0            tcp dpt:2631
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.0/4
   15  1089 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  !br0   ppp0    0.0.0.0/0            0.0.0.0/0  
    0     0 DROP       all  --  !br0   eth0    0.0.0.0/0            0.0.0.0/0  
    0     0 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0  
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate DNAT
    2   104 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0  
admin@RT-AC68U-6D38:/tmp/home/root#

And this is the rule:
Code:
#!/bin/sh
iptables -I FORWARD -s 188.196.192.211 -p tcp --dport 2631 -j DROP
iptables -I INPUT -s 188.196.192.211 -p tcp --dport 2631 -j DROP
iptables -I INPUT -p tcp --dport 2631 -j ACCEPT
 
Code:
#!/bin/sh
iptables -I FORWARD -s 188.196.192.211 -p tcp --dport 2631 -j DROP
iptables -I INPUT -s 188.196.192.211 -p tcp --dport 2631 -j DROP
iptables -I INPUT -p tcp --dport 2631 -j ACCEPT <<<<=== remove this, you should block not allow.
Is your router behind a modem or another router?
 
The router is behind a modem but is primary... the ASUS router creates the PPPoE connection and handles all operations... the modem is just bridged... If I remove this iptables rule, iptables -I INPUT -p tcp --dport 2631 -j ACCEPT, then no one has access to my udpxy server...
 
Okay, I understand that. Very strange, it should work to block that IP number. What is the output of this: iptables -vL -t filter
Are you sure it is TCP to block and not UDP?
 

Code:
ASUSWRT-Merlin RT-AC68U_3.0.0.4 Fri Jul 17 03:17:04 UTC 2015
admin@RT-AC68U-6D38:/tmp/home/root# iptables -vL -t filter
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
3626K  145M ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:2631
    0     0 DROP       tcp  --  any    any     internet-188-196-192-211.narocnik.mobitel.si  anywhere             tcp dpt:2631
    0     0 DROP       icmp --  ppp0   any     anywhere             anywhere             icmp echo-request
   27  1621 DROP       all  --  ppp0   any     anywhere             anywhere             state INVALID
1908  285K ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
   48  4431 ACCEPT     all  --  lo     any     anywhere             anywhere             state NEW
1297  108K ACCEPT     all  --  br0    any     anywhere             anywhere             state NEW
  240  7680 ACCEPT     igmp --  any    any     anywhere             base-address.mcast.net/4
7260K 9757M ACCEPT     udp  --  any    any     anywhere             base-address.mcast.net/4  udp dpt:!upnp
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:bootps dpt:bootpc
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp !echo-request
1447  190K DROP       all  --  any    any     anywhere             anywhere   

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       tcp  --  any    any     internet-188-196-192-211.narocnik.mobitel.si  anywhere             tcp dpt:2631
8656 3915K ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 DROP       all  --  !br0   ppp0    anywhere             anywhere   
    0     0 DROP       all  --  !br0   eth0    anywhere             anywhere   
    0     0 DROP       all  --  eth0   any     anywhere             anywhere             state INVALID
    0     0 ACCEPT     all  --  br0    br0     anywhere             anywhere   
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT
2370  286K ACCEPT     all  --  br0    any     anywhere             anywhere   

Chain OUTPUT (policy ACCEPT 7228K packets, 9839M bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FUPNP (0 references)
pkts bytes target     prot opt in     out     source               destination

Chain PControls (0 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere   

Chain logaccept (0 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "ACCEPT "
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere   

Chain logdrop (0 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             state NEW LOG level warning tcp-sequence tcp-options ip-options prefix "DROP "
    0     0 DROP       all  --  any    any     anywhere             anywhere   
admin@RT-AC68U-6D38:/tmp/home/root#
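
In the INPUT listing above, the port-wide ACCEPT for dpt:2631 is the first rule and holds all the packet hits, while the DROP for 188.196.192.211 below it stays at 0 packets: iptables stops at the first matching rule, and each `-I` without a position puts its rule at the top of the chain. As an added example (not part of the thread), this script flags such shadowed DROP rules in `iptables -vnL` output; the function names and the sample listing, trimmed from the post and shown in numeric form, are constructed here.

```shell
#!/bin/sh
# Added example: flag DROP rules that sit below an unconditional ACCEPT for
# the same protocol/port. iptables uses the first matching rule, so such a
# DROP never sees a packet (its counters stay at 0).

# Constructed sample: first rules of the INPUT chain from the thread, in the
# numeric form printed by `iptables -vnL INPUT`.
sample_input() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
3626K  145M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2631
    0     0 DROP       tcp  --  *      *       188.196.192.211      0.0.0.0/0            tcp dpt:2631
   27  1621 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            state INVALID
EOF
}

# Reads `iptables -vnL` text on stdin and prints one line per shadowed rule:
#   <chain> <rule#> <source> <proto>/<dport> shadowed-by <rule#>
# A rule counts as a shadowing ACCEPT only if it matches any interface, any
# source and destination, and nothing but protocol + one numeric dpt.
find_shadowed() {
    awk '
    /^Chain / { chain = $2; n = 0; split("", first); next }
    $1 == "pkts" || NF < 9 { next }
    {
        n++                                   # rule number within the chain
        dpt = ""
        for (i = 10; i <= NF; i++)
            if ($i ~ /^dpt:[0-9]+$/) dpt = substr($i, 5)
        if (dpt == "") next                   # no plain port match: skip
        key = $4 "/" dpt                      # e.g. tcp/2631
        broad = ($6 == "*" && $7 == "*" && $8 == "0.0.0.0/0" &&
                 $9 == "0.0.0.0/0" && NF == 11)
        if ($3 == "ACCEPT" && broad && !(key in first))
            first[key] = n                    # remember earliest broad ACCEPT
        else if ($3 == "DROP" && (key in first))
            print chain, n, $8, key, "shadowed-by", first[key]
    }'
}

sample_input | find_shadowed
# prints: INPUT 2 188.196.192.211 tcp/2631 shadowed-by 1
```

On the router the same check is `iptables -vnL INPUT | find_shadowed`. In firewall-start, putting the ACCEPT line before the DROP lines leaves the DROP rules above it in the chain.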
 
