What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A Question re blocking IPs via iptables and aiprotect

M

Marcus Yansen

Regular Contributor
So I am getting a bunch of attacks I see in aiprotect. They seem to be from the same set of ips. I blocked these ips using iptables, but i still see the attacks coming from these ips - did I use the wrong commands, or should I see the attacks even after I blocked ips? I am on asus merlin, latest version.

This the command I used:

iptables -I INPUT -s [117.48.157.75] -j DROP

iptables -I OUTPUT -d [117.48.157.75] -j DROP

screenshot of the attacks:

uBdeupbF_o.png
 
If the traffic is between a client and the remote IP, you should test the FORWARD chain. INPUT and OUTPUT are for traffic coming to or from the router only.

Any incoming traffic should be blocked by default, so if it’s a response to a client connection, it should be inserted early in the forward chain.

Better to create a single rule that references an ipset containing all the IPs. Or look at Skynet Addon.
 
Ok thank you. yes these attacks are hitting my computer - i assumed that first they had to get through the router so i thought blocking at router level was sufficient. I will be installing Skynet tomorrow. and i suppose i have to install ipset too, correct? Is this an appropriate guide for using ipset to block multiple ips?

to add multiple multiple ips i separate them by commas?
For example, sudo ipset add blacklist 192.168.10.10, 192.168.10.11
 
Just install Skynet and be sure the “Import AiProtect Data” is enabled in its settings.
 
dave14305 said:
Just install Skynet and be sure the “Import AiProtect Data” is enabled in its settings.
Click to expand...
After I install skynet, I'll be turning of airprotect right as it would be somewhat redundant? Or does it provide any benefits? - i only have the Two-Way IPS and infected device prevention and blocking checked on though, I don't use the malicious site blocking feature.
 
Thank you so much,, all done and i imported aiprotect settings through the settings option of skynet. 👍
 
Last edited:
You must log in or register to reply here.

Similar threads

S
Firewall rule to block firmware updates
Replies
5
Views
604
JGrana
JGrana
C
Port / device isolation AX88U
Replies
2
Views
900
cputoaster
C
Y
NAT problem (Asus RT-AX88U Pro, Merlin 3006.102.4, Starlink, PureVPN with dedicated IP and Port forwarding)
Replies
7
Views
399
YvesBk
Y
T
Internet connection via ISP despite existing VPN connection in the Asus RT-AC 86U
Replies
5
Views
642
tom
T
adri
Firewall, Port Forwarding, and DoS Question
Replies
8
Views
1K
ColinTaylor
C
Similar threads
Thread starter Title Forum Replies Date
M DNS masq related question Asuswrt-Merlin 22
S GT-AXE16000 Guest Vlan question with ubiquiti Asuswrt-Merlin 1
B 3006 firmware Aimesh question Asuswrt-Merlin 4
bassoonsun Killswitch 3004 Question Asuswrt-Merlin 0
A Question about RT-AX58U firmware and Aimesh Asuswrt-Merlin 6
W3Wilkes RT-AX86U IoT (guest network) Intranet Question Asuswrt-Merlin 15
CaptnDanLKW Not Another One! But yes, AX or BE Question Asuswrt-Merlin 5
adri Firewall, Port Forwarding, and DoS Question Asuswrt-Merlin 8
P Basic question on usericon files Asuswrt-Merlin 0
E Question about DDNS forced update interval RT-AX86U Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 775 (members: 26, guests: 749)
Back
Top