firewall-start question/help

[zero65]

1st of all want to say great firmware! I am using 3.0.0.4.374.37_1-sdk5-oldusb and all is good. I am trying to lock down my network a bit more but can't figure what I am doing wrong.

created firewall-start and it runs... with following:

#!/bin/sh
#############
# Firewalling
#############
iptables -A FORWARD -p ALL -i br0 -o eth0 -m iprange --src-range 192.168.2.2-192.168.2.111 -j DROP


When I do iptables -L and iptables-save c I can see that my entry gets added. However if change my pc ipaddress to any of these ip addresses say 192.168.2.3 none of my access is restricted. I have looked at iptables man and it looks correct. I just cant quite see what I did wrong. Any help will be appreciated!

Thx

 

[RMerlin]

1st of all want to say great firmware! I am using 3.0.0.4.374.37_1-sdk5-oldusb and all is good. I am trying to lock down my network a bit more but can't figure what I am doing wrong.

created firewall-start and it runs... with following:

#!/bin/sh
#############
# Firewalling
#############
iptables -A FORWARD -p ALL -i br0 -o eth0 -m iprange --src-range 192.168.2.2-192.168.2.111 -j DROP


When I do iptables -L and iptables-save c I can see that my entry gets added. However if change my pc ipaddress to any of these ip addresses say 192.168.2.3 none of my access is restricted. I have looked at iptables man and it looks correct. I just cant quite see what I did wrong. Any help will be appreciated!

Thx

You are appending the rule, which probably means your traffic got allowed in by a previous rule.

Try using -I instead of -A, so it will be inserted at the top of the chain.

 

[zero65]

Perfect that was it! Thank you Merlin!