
iptables FORWARD and NSFW

frequenzy

Occasional Visitor
Hi,

Currently using Asus Merlin on AC68U. If I want to block a specific IP and port via iptables, should it be inserted on FORWARD or NSFW?

on FORWARD
iptables -I FORWARD -s 1.1.1.1/32 -i br0 -o vlan2 -p tcp -m tcp --dport 853 -j DROP

on NSFW
iptables -I NSFW -s 1.1.1.1/32 -i br0 -o vlan2 -p tcp -m tcp --dport 853 -j DROP

Also for the jffs/scripts, should I insert the line in nat-start or firewall-start?
 
Use FORWARD, INPUT or OUTPUT. NSFW is a chain used by the webui-managed Network Service Firewall; I don't recommend manually messing with it.

Anything changed in the filter table should go to firewall-start, and the mangle/nat tables should go in the nat-start script.
 
If your objective is to stop clients accessing Cloudflare's DoT servers then I suggest that you use the Network Services Filter as that will create the rules for you. As it stands your command won't work because you have specified 1.1.1.1 as the source address instead of the destination.
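Added example (not a post from the thread and not Asus-Merlin's own code): a firewall-start script that puts the rule where the replies say it belongs (the FORWARD chain of the filter table, loaded from /jffs/scripts/firewall-start) and matches on the destination address rather than the source, which is the mistake the last reply points out. It assumes br0 is the LAN bridge and vlan2 the WAN interface, as in the original commands, that Merlin re-runs firewall-start whenever it rebuilds the firewall, and that iptables is on PATH; the second Cloudflare address is a constructed extra entry.

```shell
#!/bin/sh
# /jffs/scripts/firewall-start  (example only; assumes Asus-Merlin conventions)
#
# Build the rule specification (everything after the chain name) that drops
# TCP traffic from the LAN bridge to one destination host and port on the WAN.
# Note the -d: we are blocking traffic *to* the DoT server, so the address is
# the destination, not the source as in the thread's original command.
block_rule_spec() {
    host="$1"   # destination IPv4 address
    port="$2"   # destination TCP port
    printf '%s' "-d ${host}/32 -i br0 -o vlan2 -p tcp -m tcp --dport ${port} -j DROP"
}

# Insert the rule at the top of FORWARD only if it is not already present.
# firewall-start runs every time the firewall is rebuilt, so without the
# `iptables -C` check each run would stack another identical rule.
ensure_forward_block() {
    spec="$(block_rule_spec "$1" "$2")"
    # shellcheck disable=SC2086  (word splitting of $spec is intentional)
    if iptables -C FORWARD $spec 2>/dev/null; then
        return 0   # already present, nothing to do
    fi
    iptables -I FORWARD $spec
}

# Only touch the firewall when this file is actually installed and run as
# /jffs/scripts/firewall-start; sourcing it elsewhere just defines the helpers.
case "$0" in
    */firewall-start)
        ensure_forward_block 1.1.1.1 853   # Cloudflare DoT (from the thread)
        ensure_forward_block 1.0.0.1 853   # constructed: Cloudflare's second address
        ;;
esac
```

Save it as /jffs/scripts/firewall-start, make it executable, and confirm the rule landed with `iptables -L FORWARD -v -n | grep 853`; the -C check means you can re-run the script or restart the firewall without accumulating duplicates.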
 