What's new

Asus RT-AX89X How to add A firewall blacklist composed of Stretchoid scanners

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

majika

Occasional Visitor
Hi,
As the title of this post pretty much explains the question I am trying to figure out an answer for and any tips or suggestion's would be greatly appreciated..
I made a recent purchase of this router and it is a very nice bit of kit indeed..

BUT and this is a huge BUT...

..where can I customise which IPv4 address(es) to either specifically allow/disallow/reject?

I can see the Famous IPv6 IP/CIDR list <Inbound Firewall Rules (Max Limit : 128)>
But NO IPv4 Addresses are allowed to be entered.

If I head here :-
http(s)://<gatewayhostname.domain.lan>/Advanced_BasicFirewall_Content.asp

It offers these as inputs:
Service Name | Remote IP/CIDR | Local IP | Port Range | Proto| Add/ Del

The GUI form only accepts IPv6 addresses nothing for IPv4.

Am I stupid? and/or missing something completely obvious?
The only other location would be under the Network Services Filter Table (Max Limit : 32)
This is not the same as being able to flat-out Block/reject <IPv4 address range/24> linked to an ASN block list which I want to be able to block.

To hopefully help provide some extra clarity to what it is Im trying to achieve and to gather more tips/advise for trying to solve my problem I want to be able to actively go in to my router (during an active scanning attempt) and block a single IP address OR if called for a IP Range/block of addresses linked to a malicious network mapped back to a particular ASN.

Let's Say for example:
If I need to block all or a large chunk of DigitalOcean VPS's as this is where most of my issues are originating from; How would I be able to achieve this through the Asus Routers interface, There is Nothing clear up on Asus own knowledgebase? The only place I found something resembling close to what I want to achieve is from expressvpn
As shown in this URL: https://www.expressvpn.com/support/troubleshooting/asus-block-ip-address/

This method provides nowhere near enough granularity to block individual ips from the ip range of the remote machines without doing a total block of a /24 CIDR which equates to a lot of addresses.

Also, this method does not allow me to use a refreshed block list of IP addresses, which are up on git gist ready to be pulled into the router via wget xxx which contain the latest active Strecinoid hosts I have queried and derived from the Stretchoid domain PTR records..
Any suggestions Tips would be a massive help.

Alas, Not able to UG to Merlins firmware as not available on AX89X.. There must be another way to block these Aggressive IP/port Scanners based on their IP's and a method to pull a fresh list of IP's down from git gist and imported into the router ipset rules.. idk.. Im Stuck.
Cheers
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top