    Aegis Aegis (simple yet effective protection)

    Due to new forum rules on threads older than six months, here is a fresh new one, good until April 2021. Previous thread Aegis A firewall blocklist script for Netgear R7800 and R9000 Routers with Voxel firmware. Should work with some other models as well. What is it? It is a script that...
  2. ThePooBurner

    Is there a script for configuring VLANs?

    Hi everyone. I've been scouring this forum for a couple months now looking for information on using VLANs via scripting and trying to make sense of everything that I've read. I'm not making this post lightly, as in most of what I've read there seem to be a lot of "You should have searched first...
  3. S

    DNS redirect to local DNS server

    Hi! Some of my devices use a hard-coded DNS server, i.e. I like to re-direct this DNS traffic to my local unbound DNS server by using the firewall script of my AC86 router. I use the following IPTABLES commands. The rule is added correctly to iptables. Are these rules correct and how...
  4. G

    iptables entries not run from openvpn-event on reboot

    I'm running version 384.17 of Asuswrt-Merlin on an RT-AC66U_B1, I have an openvpn-event script in /jffs/scripts that uses a template that calls a vpnserver1-up and vpnserver1-down script. These up and down scripts contain custom rules I add to the iptables, the first and most important being the...

    Aegis aegis: a firewall blocklist

    aegis is the successor of firewall-blocklist: https://www.snbforums.com/threads/r7800-r9000-probably-others-blocklist-based-firewall-addon.63241/ It starts with version 1.0.0, but is more recent than latest firewall-blocklist aegis A firewall blocklist script for Netgear R7800 and R9000 Routers...
  6. E

    AsusWRT Merlin iptables

    Hello there! I have several (smarthome) devices that phone home while that is not necessary due to local integration. To block devices from accessing the internet I usually use the 'Block Internet Access' function in the GUI. It seems this function uses DROP to block access. The smarthome...
  7. solstyce

    how to debug an iptable problem?

    I'm an iptables savage - I know just enough to know how thoroughly I could ruin my network configuration, and could use some help. I've tried to wrap my head around iptables several times over the years, and each time stagger away with a headache. I've run into a problem where my AC68U drops...
  8. amplatfus

    [SOLVED] Firewalling Samba for one manually assigned IP

    Hi all, I am trying to restrict access to router external USB storage with SAMBA active. I tried using below rules in firewall, but nothing worked. Could you please provide some things to try? iptables -A FORWARD -s -d -p tcp --sport 137:139 -j DROP iptables -A FORWARD...

    [R7800] warnings with iptables

    Hello to all, Several R7800 users (maybe other models too) noticed some warnings when restarting the firewall. It does not seem to affect the router functionality, but since a good chunk of people here are working to make this router better, it would be nice to get to the bottom of these...

    [R7800, R9000 & probably others] Blocklist based Firewall addon

    DEPRECATED Now use aegis: https://www.snbforums.com/threads/aegis-a-firewall-blocklist.64128/ I made a blocklist based firewall addon for myself, and I improved it to share it here as it can interest others. Firewall Blocklist Firewall blocklist script for Netgear R7800 and R9000 Routers...
  11. N

    Anybody able to get NoDogSplash working?

    I'm trying to build NoDogSplash on AsusWrt Merlin 384.14. Compile is fine, configuration also ok. But when I start nodogsplash, it complains that the iptables version is too low. It requires 1.4.17, and AsusWrt Merlin is using iptables 1.4.15. Manually lowering the requirement to v1.4.15 causes an error like...
  12. ihoman202

    Need Help Resetting IPSet / IPTables

    I have ASUS Merlin on an ASUS RT-AC68U on the latest firmware as of this post it's 384.13 and decided to try the Asus Merlin SkyNet Project but it made things really bizarre really quickly - My Family uses Charter / Spectrum and I use a Verizon Modem on my own ASUS routers - regardless both of...
  13. F

    Question regarding haproxy and iptables

    I've installed haproxy via entware so that I can tunnel both openvpn (running on router) and a separate locally hosted https server through port 443 of my router. I need to tunnel openvpn over port 443 because some WiFis block access to non standard ports and I need https over 443 so that the...
  14. P

    [R9000] iptables / dns redirect issue

    Hello, I've been having a weird issue that I've been unable to solve and could use some help. I'm running an R9000 with Voxel's latest firmware. I also have a Raspberry Pi on the network serving DNS over Cloudflared DoH (DNS over HTTPS). The R9000 IPv4 DNS is set to (the Pi) without...
  15. macster2075

    Iptables help

    Hi.. Is there an iptable or script I can use to block a specific device (IP) from accessing a specific website?
  16. A

    Trouble Setting Up iptables

    Hello everyone, I need some help setting up iptables. I've followed this guide: https://torguard.net/knowledgebase.php?action=displayarticle&catid=60&id=165 I'm currently running the latest Merlin on a RT-AC68R and have setup OpenVPN using this guide...
  17. P

    Why my iptables LOG rule doesn't get applied for local traffic?

    I have the following rule to log traffic (for wake on LAN purposes) iptables -I FORWARD -d 192.168.1.X -p tcp --dport 7000:8332 -m state --state NEW -j LOG --log-prefix "[2WAKE] XX:XX:XX:XX:XX:XX" which does work for traffic from WAN that gets to my local network (through opened ports) but...
  18. N

    [SOLVED] Doubt about custom iptables script

    Greetings, My problem: I have a Chromecast and recently some people found a way to abuse them since they open several ports to the outside. Google's answer to that was "the Chromecast is working correctly, the problem is that your router is misconfigured, you need to disable upnp and the...
  19. P

    OpenVPN automatic firewall rules (iptables)

    After upgrading to 384.10_2 recently, I took a look at the automatic firewall rules created for OpenVPN server. The short script on my router looks like this. #!/bin/sh iptables -t nat -I PREROUTING -p udp --dport 1194 -j ACCEPT iptables -I INPUT -p udp --dport 1194 -j ACCEPT iptables -I OVPN...
  20. M

    Reroute dropped packets

    Packets to be dropped seem to end in filter INPUT to be discarded by the default drop rule, how to redirect them to a LAN ip to act as a catchall? Could save some trouble every time a service changes ports, it's an outwards facing box anyway so receiving unwanted traffic is no problem, or to run...