Menu
What's new
By:
Filters Better Search

AsusWRT Merlin iptables

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

E

EarlGrey

New Around Here
Hello there!

I have several (smarthome) devices that phone home while that is not necessary due to local integration. To block devices from accessing the internet I usually use the 'Block Internet Access' function in the GUI.

It seems this function uses DROP to block access. The smarthome devices do not like this approach which results in disconnects. Using REJECT should solve this problem, that's why I created custom iptables rules (/jffs/scripts/firewall-start). The problem is, they do not work. Could someone have a look what I'm missing here?

iptables -A FORWARD -s 10.0.0.69 -o lo -j ACCEPT
iptables -A FORWARD -s 10.0.0.69 -d 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -s 10.0.0.45 -o lo -j ACCEPT
iptables -A FORWARD -s 10.0.0.45 -d 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -s 10.0.0.69 -j REJECT
iptables -A FORWARD -s 10.0.0.45 -j REJECT
 
Router model? Firmware version?

My guess is that you need to insert the rules at the beginning of the forward chain. At the moment you are appending them after the final accept.
 
Last edited by a moderator:
What is the purpose of the rules accepting connections to the loopback interface (-o lo)? :confused:
 
ColinTaylor said:
Router model? Firmware version?

My guess is that you need to insert the rules at the beginning of the forward chain. At the moment you are appending them after the final accept.
Click to expand...

Apologies, that would be an Asus RT-AC68U with firmware 384.16. Could you please elaborate how to append these rules at the beginning of the forward chain?

dave14305 said:
What is the purpose of the rules accepting connections to the loopback interface (-o lo)? :confused:
Click to expand...
I was lead by the following source https://unix.stackexchange.com/questions/396218/block-wan-access-allow-lan-access-linux-hosts
 
EarlGrey said:
Apologies, that would be an Asus RT-AC68U with firmware 384.16. Could you please elaborate how to append these rules at the beginning of the forward chain?
Click to expand...
Use insert (-I) instead of append (-A). But I would only use the REJECT rules and leave the others out.

I was lead by the following source https://unix.stackexchange.com/questions/396218/block-wan-access-allow-lan-access-linux-hosts
Click to expand...
That's not a particularly good example to copy because they are talking about the firewall on a host, not the gateway device.
 
You must log in or register to reply here.

Similar threads

R
Script to detect backup wan and disable certain devices from internet access
Replies
0
Views
338
RandomUser777
R
R
DNS filtering when using cloudflare DNS?
Replies
4
Views
377
dave14305
dave14305
SkierInAvon
Asus Merlin - iptables command (not working?)
Replies
8
Views
561
SkierInAvon
SkierInAvon
R
One router, two segments desired.
Replies
4
Views
389
Rombo
R
H
Port Forwarding Over WireGuard Connection?
2
Replies
22
Views
2K
houmi
houmi
Similar threads
Thread starter Title Forum Replies Date
RMerlin Beta Asuswrt-Merlin 3004.388.7 beta is now available Asuswrt-Merlin 70
H Solved xbox one not able to sign in when connected through router running asuswrt-merlin on an rt-ac5300. Asuswrt-Merlin 5
RMerlin Release Asuswrt-Merlin 386.13 is now available for AC models Asuswrt-Merlin 38
RMerlin Beta Asuswrt-Merlin 386.13 beta is now available for AC models Asuswrt-Merlin 32
visortgw asuswrt-merlin.net Website Site Down? Asuswrt-Merlin 18
C Asuswrt-Merlin 3004.388.6 Memory Leak Asuswrt-Merlin 13
RMerlin Release Asuswrt-Merlin 386.12_6 is now available for AC models Asuswrt-Merlin 168
U Where to start with automatic scripting for AsusWRT-Merlin Asuswrt-Merlin 11
L Does the latest AsusWRT/Merlin FW has a memory leak? Asuswrt-Merlin 20
RMerlin Beta Asuswrt-Merlin 3004.388.6_x test builds (dnsmasq 2.90) Asuswrt-Merlin 102

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 724 (members: 24, guests: 700)
Top