Menu
What's new
By:
Filters Better Search

iptables to block range of ip

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

O

Otto Rodusek

New Around Here
Hi,

I'm using RT-AC88U_380.67_beta3.trx on RT-AC88U.

I issued the following iptables commands:

iptables -A INPUT -s 183.136.184.0/24 -j DROP
iptables -A INPUT -s 54.0.0.0/8 -j DROP
iptables -A INPUT -s 45.0.0.0/8 -j DROP

I checked with iptables -L and indeed the rules are there - however - when I check my syslog - the ip was ACCEPTED:

Jul 10 20:13:16 kernel: ACCEPT IN=eth0 OUT= MAC=60:45:cb:b1:d9:68:00:00:5e:00:01:99:08:00 SRC=54.183.102.24 DST=192.168.5.254 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41715 DF PROTO=TCP SPT=55682 DPT=10443 SEQ=3377093481 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A20ADF99A0000000001030307)


Is there a different way to block a range of ip on busybox v1.25?

Thanks for any help.
 
Otto Rodusek said:
Hi,

I'm using RT-AC88U_380.67_beta3.trx on RT-AC88U.

I issued the following iptables commands:

iptables -A INPUT -s 183.136.184.0/24 -j DROP
iptables -A INPUT -s 54.0.0.0/8 -j DROP
iptables -A INPUT -s 45.0.0.0/8 -j DROP

I checked with iptables -L and indeed the rules are there - however - when I check my syslog - the ip was ACCEPTED:

Jul 10 20:13:16 kernel: ACCEPT IN=eth0 OUT= MAC=60:45:cb:b1:d9:68:00:00:5e:00:01:99:08:00 SRC=54.183.102.24 DST=192.168.5.254 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41715 DF PROTO=TCP SPT=55682 DPT=10443 SEQ=3377093481 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A20ADF99A0000000001030307)


Is there a different way to block a range of ip on busybox v1.25?

Thanks for any help.
Click to expand...

You are appending the rules to the end of the chain ( -A ) not inserting them to the top ( -I ).

IPTables works on a "first match" basis, so it is being matched and accepted by other rules before getting to that rule. To fix this use -I instead
 
Otto Rodusek said:
Hi,

I'm using RT-AC88U_380.67_beta3.trx on RT-AC88U.

I issued the following iptables commands:

iptables -A INPUT -s 183.136.184.0/24 -j DROP
iptables -A INPUT -s 54.0.0.0/8 -j DROP
iptables -A INPUT -s 45.0.0.0/8 -j DROP

I checked with iptables -L and indeed the rules are there - however - when I check my syslog - the ip was ACCEPTED:

Jul 10 20:13:16 kernel: ACCEPT IN=eth0 OUT= MAC=60:45:cb:b1:d9:68:00:00:5e:00:01:99:08:00 SRC=54.183.102.24 DST=192.168.5.254 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41715 DF PROTO=TCP SPT=55682 DPT=10443 SEQ=3377093481 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A20ADF99A0000000001030307)


Is there a different way to block a range of ip on busybox v1.25?

Thanks for any help.
Click to expand...

Try the FORWARD chain rather than the INPUT chain.
 
Hi,

Yup using (-I) instead of (-A) did the trick! I'm so used to using (-A) that I completely forgot about (-I)! Again thanks for the quick reply and fix!
 
You must log in or register to reply here.

Similar threads

SkierInAvon
Asus Merlin - iptables command (not working?)
Replies
8
Views
578
SkierInAvon
SkierInAvon
S
How to block DHCP protocol over a TAP site-to-site VPN (useful if you host separate DHCP subnet ranges at each site as part of a superset subnet)
Replies
0
Views
866
seabass
S
M
ASUS Merlin iptables rule not applying.
Replies
11
Views
3K
Boysa22
B
D
Asus RT-AC3100, Merlin, how to use iptables to prevent access to port/ip
Replies
8
Views
3K
ColinTaylor
C
J
iptables - grant access to a specific IP only to one user
Replies
4
Views
902
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
SkierInAvon Asus Merlin - iptables command (not working?) Asuswrt-Merlin 8
v.y.k iptables pkts & bytes numbers are too low on Merlin 3004.388 Asuswrt-Merlin 13
M iptables module rateest - loadbalancing split over Asuswrt-Merlin 0
A Entware iptables no chain/target/match and tcpdump problems Asuswrt-Merlin 3
Z wgclient-start with iptables nat rules after router reboot Asuswrt-Merlin 19
H Does VPN Director Use Routes or IPTables Rules To Route Clients Over a VPN Connection? Asuswrt-Merlin 5
H Does firewall-start Script Ever Run Twice With Same iptables Rules? Asuswrt-Merlin 13
L merlin default iptables. why are there strange logdrops for specific pattens and ips? Asuswrt-Merlin 3
NoBenefit Does my iptables looks normal? Asuswrt-Merlin 1
J Allowing just one device to subnet (iptables or Network Services Filter?) Asuswrt-Merlin 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 1,040 (members: 38, guests: 1,002)
Top