Merlin default iptables. Why are there strange logdrops for specific patterns and IPs?

lgkahn

Regular Contributor
Why are there these specific logdrop patterns in the default firewall?

Chain OUTPUT_IP (1 references)
target prot opt source destination
logdrop_ip all -- anywhere 193.201.224.0/24
logdrop_ip all -- anywhere vriezekolk.org
logdrop_ip all -- anywhere li1019-134.members.linode.com
logdrop_ip all -- anywhere 190.115.18.28
logdrop_ip all -- anywhere 51-159-52-250.rev.poneytelecom.eu
logdrop_ip all -- anywhere 190.115.18.86

Chain OVPNCF (1 references)


...

drop_dns all -- anywhere anywhere STRING match "|0a65756d6d6167766e627003636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|0b726f75746572736173757303636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|037777770b726f757465722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|0377777709617375736c6f67696e03636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|0d72657065617461722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|037777310b726f757465722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
 
They are blocked malware domains that Asus put there. It's not something that Merlin has added.
 
This seems strange and pointless... What is the point of blocking a few domains/subnet? I block thousands, both manually for ones I detect trying to hack into my mail server and automatically with lists I download.
 
It is a bit strange, but Asus isn't going to explain why they do it. I can only assume that these specific domains were causing problems for Asus routers, perhaps as the C&C of a botnet.
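
The STRING match patterns in the listing at the top of the thread are DNS names in wire format: each label is prefixed by its length byte and the name ends with a zero byte. The Python snippet below is an added example, not part of the original posts or of the Asus/Merlin firmware; it decodes those patterns back into readable names. The function names are illustrative, and it assumes each pattern is pure hex between the `|` delimiters, as in the listing.

```python
import re

# Rule lines copied from the iptables listing in the first post.
RULES = '''\
drop_dns all -- anywhere anywhere STRING match "|0a65756d6d6167766e627003636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|0b726f75746572736173757303636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|037777770b726f757465722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|0377777709617375736c6f67696e03636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|0d72657065617461722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
logdrop_dns all -- anywhere anywhere STRING match "|037777310b726f757465722d6173757303636f6d00|" ALGO name bm TO 65535 ICASE
'''

HEX_PATTERN = re.compile(r'^(\S+)\s.*STRING match\s+"\|([0-9a-fA-F]+)\|"')

def decode_qname(raw: bytes) -> str:
    """Decode length-prefixed DNS labels (RFC 1035, section 3.1) into a dotted name."""
    labels, pos = [], 0
    while pos < len(raw):
        length = raw[pos]
        pos += 1
        if length == 0:  # root label terminates the name
            if pos != len(raw):
                raise ValueError("trailing bytes after root label")
            return ".".join(labels)
        if length > 63:  # larger values are not plain labels (e.g. compression pointers)
            raise ValueError(f"invalid label length {length}")
        label = raw[pos:pos + length]
        if len(label) != length:
            raise ValueError("label runs past end of pattern")
        labels.append(label.decode("ascii"))
        pos += length
    raise ValueError("missing terminating root label")

def decode_rules(listing: str):
    out = []  # list of (target chain, decoded domain)
    for line in listing.splitlines():
        m = HEX_PATTERN.search(line)
        if m:
            out.append((m.group(1), decode_qname(bytes.fromhex(m.group(2)))))
    return out

if __name__ == "__main__":
    for target, name in decode_rules(RULES):
        print(f"{target:12} {name}")
```

Because the match includes the leading length byte and the trailing zero, each rule matches only that exact name as it appears in a DNS packet, not arbitrary text containing the string.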

 