iptables

  1. M

    AdGuardHome IPTables blocking TLS port 853 from other hosts

    While testing out an AdGuard Home instance on a Docker container, it failed to reach upstream TLS servers. Upon closer inspection, I traced the packets back to the AX86U router IPTables. There is a chain called "DNSFILTER_DOT" that is blocking any packet on port 853 that is not destined for...
  2. U

    IPtable entries not saving?

    To expand on the title, I keep making rules; however, when I go to check them they aren't there. Are they being overwritten by AMTM scripts? I can list what I have installed if this is a possibility
  3. Z

    wgclient-start with iptables nat rules after router reboot

    I have a wgclient-start (and its wgclient-stop counterpart) with some iptables rules to modify a nat. It works as expected when enabling/disabling wg client. However, after router (RT-AX86U with 388.2_2) reboot, all iptables rules set by the script are missing though the script has been...
  4. dacid44

    Routing packets through a wireguard client

    This might just be an iptables thing, but I can't figure it out. Short version: I'm trying to forward packets from a VPS to the router over wireguard (router is client) and forward them to the correct device on the LAN. I have a setup that I'm trying to carry over from my old DD-WRT router...
  5. J

    Allowing just one device to subnet (iptables or Network Services Filter?)

    Due to my ISP forcing me to use their router if I want to use their bundled VOIP service, since upgrading to FTTP I now have to have my ASUS sitting behind my ISP's router. Annoyingly they don't allow their router to run in a bridged mode. As much as I can I have tried to make it a native...
  6. lluke

    No internet on clients after firewall restart (WG, Unbound, YazFi)

    Hi all, on my 2 RT-AC86U whenever I face a connectivity re-connect (also done from the scmerlin add-on Internet Connection restart action) or a VPN change (e.g., updating and saving the IPSec VPN Server config) restart the firewall then every service on the router is properly working (Unbound...
  7. savage75

    Asuswrt official iptables-save not saving changes permanently

    Hi folks! Trying to set a rule on iptables for nat permanently but no luck? iptables -t nat -A POSTROUTING -s 10.2.0.0/24 -o br0 -j MASQUERADE I tried using iptables-save -t nat or just iptables-save but still no success and every change will disappear after restarting?? Any ideas how I...
  8. W

    Restricting access to OpenVPN server via iptables

    Hi! I’m allowing access to my OpenVPN server only for predefined ipset via rewriting existing iptables rules using openvpn-event user script. What I’m currently doing: in openvpn-event I’m rewriting standard openvpn rule like: if iptables -C INPUT -p $proto -m $proto --dport $server_port -j...
  9. J

    Skynet Rule integrity violation & mounted files missing

    I’ve been having all sorts of issues with SkyNet lately — not sure what’s going on. Can someone assist me with the above error message? Please & thank you.
  10. dave14305

    Why does DNSFilter use the mangle table for IPv6?

    It looks like it's been this way forever, but why does DNSFilter use the mangle table to drop IPv6 traffic? Generally, the mangle table is only for mangling packet headers, not dropping them. Seems this would be better suited for the filter table. Probably a moot point with newer routers...
  11. J

    IPTables allow access to specific ports from tun21 to new bridge

    Hi, I have an Asus RT-AX58U with Merlin. Thanks to another post in this forum, I managed to create a new bridge (br100), and isolate it from my LAN (br0). I managed to allow only specific traffic from br0 to br100. It works fine. But, yesterday, I realized that while I'm connected through VPN...
  12. J

    iptables - grant access to a specific IP only to one user

    Hi! I'm new here, I just installed Asuswrt-merlin on my RT-AX58U. I've configured OpenVPN and everything is working fine, I created multiple users and assigned static IPs using this guide. Now, I would like to configure some rules using iptables to achieve this: - Only two users can access the...
  13. Phantomski

    Port Forwarding and Skynet firewall ruleset

    Hi everyone, playing a bit with log management / analysis and potential feedback loop to live firewall rules. Call it a poor man tinkerer IDS/IPS :D I have a fairly simple setup with RT-AC88U (with Skynet) using port forwarding rules on ports 80 and 443, redirecting to a Docker-ised rPi4...
  14. adri

    YazFi YazFi - Combining guest networks/subnets

    Hi, so this came up in my other thread, but I wanted to start a new one since it's a separate issue and I like separation of concerns :) . I want to make it so that, for one of my guest networks, the 2.4GHz segment (.14 subnet) can talk to the 5GHz segment (.15 subnet) and vice-versa, without...
  15. gspannu

    [Help] DNS Forwarding, User scripts, Launching at startup

    Some help needed in creating scripts and firewall rules… Requirement: R1) I wish to run my own dnsproxy server at port 53535 (installed at /jiffs/dnsproxy/dnsproxy). This is open-source software available on GitHub known as dnsproxy. I have tested this on the Asus Router and it has been running...
  16. C

    Firewall Rules - Block all connections except VPN

    I am currently using an ASUS router (RT-AC68U with Merlin firmware - 386.4). I want to connect a single client to an OpenVPN server with no traffic other than the VPN allowed. I don't want to use the OpenVPN client in the router as speeds are low when using the VPN, so I'm looking to use an...
  17. B

    How to restrict guest network intranet to SSH & http only?

    So some background first on what I'm doing. I have an Asus AC66U running ASUSWRT-merlin (380.70). My main home network is running on 192.168.1.xxx/24 I'm planning to engage a freelance dev on fiverr to do some dev work for me, to interface with an industrial device using my raspberry pi. To...
  18. garycnew

    Solved [SOLUTION] Asuswrt-Merlin 384.19 PortForwarding Not Working To Private Gateway Address

    All: I've run into an issue on Asuswrt-Merlin 384.19 where creating a PortForward through Advance Settings > WAN > Virtual Server/PortForwarding creates the following iptables (but are not working): iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT iptables -A VSERVER -p tcp -m tcp...
  19. R

    How to setup VPN client routes via SSH

    My end goal is to route all traffic hitting a specific media service through my VPN client. I've got a list of IPs that is dynamically updated using this service's various URLs. I'd like to force any traffic coming from any device on my network that is destined for one of these IPs, to go over...
  20. A

    Custom IPTables Rules for DNS Redirect

    I want to add some rules into iptables so that my Google/Nest smart devices stop calling Google DNS directly, and the Google DNS calls they do are redirected to my AdGuard Home DNS server which will reply with the appropriate DNS records. I know I can probably use DNSFiltering, but want to...