
RT-AC66U B1 (Firmware 386.51255) - is there a way to block incoming IP address?


Zolt

Occasional Visitor
Hi there.
I was wondering if there is a way to block an incoming IP address.

I do host a private web site (over https), but I see all kinds of connections in the SysLogs.
Every couple seconds, I see this type of entry:
ACCEPT IN=eth0 OUT=br0 SRC=46.148.40.175 DST=xxx.xxx.xxx.xxx
This specific IP comes from Iran (but there are multiple ones from other foreign countries) - since it's a private WebSite (family purpose only) and I have nobody I know in Iran, I'd like to block that IP - possibly a wider range.

Can this be done with Stock Firmware on an RT-AC66U B1 router?

Thanks for your help!
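Added example, not part of the original post or of any reply: one way to see which source networks dominate entries like the one quoted above before choosing a single IP or a wider range to block. It assumes the WAN interface is `eth0` as in the quoted line; the function names, the `PROTO`/`DPT` fields and all sample lines except the first are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

FIELD = re.compile(r"(\w+)=(\S*)")          # KEY=value tokens, value may be empty
ACTION = re.compile(r"\b(ACCEPT|DROP)\b")   # action prefix written by the router

# Constructed sample input. The first line is the entry quoted in the post;
# the other addresses are placeholders, not observed traffic.
SAMPLE_LOG = """\
ACCEPT IN=eth0 OUT=br0 SRC=46.148.40.175 DST=xxx.xxx.xxx.xxx
ACCEPT IN=eth0 OUT=br0 SRC=46.148.40.180 DST=192.168.1.10 PROTO=TCP DPT=443
ACCEPT IN=eth0 OUT=br0 SRC=46.148.40.175 DST=192.168.1.10 PROTO=TCP DPT=443
ACCEPT IN=eth0 OUT=br0 SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP DPT=443
ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.20 PROTO=TCP DPT=443
DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.1 PROTO=TCP DPT=23
ACCEPT IN=eth0 OUT=br0 SRC=not-an-ip DST=192.168.1.10
"""

def parse_line(line):
    """Return (action, fields) for a firewall log line, or None if it is not one."""
    action = ACTION.search(line)
    fields = dict(FIELD.findall(line))
    if not action or "IN" not in fields or "SRC" not in fields:
        return None
    return action.group(1), fields

def inbound_sources(log_text, wan_if="eth0", prefix=24):
    """Count accepted WAN-side connections per source network (/24 by default)."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed or parsed[0] != "ACCEPT" or parsed[1]["IN"] != wan_if:
            continue  # outbound traffic, already-dropped packets, other log lines
        try:
            src = ipaddress.ip_address(parsed[1]["SRC"])
        except ValueError:
            continue  # masked or truncated address
        plen = prefix if src.version == 4 else 64
        counts[ipaddress.ip_network(f"{src}/{plen}", strict=False)] += 1
    return counts

def block_candidates(counts, min_hits=2):
    """Networks seen at least min_hits times, busiest first."""
    return [(str(net), n) for net, n in counts.most_common() if n >= min_hits]

if __name__ == "__main__":
    for net, hits in block_candidates(inbound_sources(SAMPLE_LOG)):
        print(f"{hits:5d}  {net}")
```

Run it against an exported copy of the router's system log by passing the file contents to `inbound_sources`; changing `prefix` shows how the counts shift between a single /24 and a wider range.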
 
Most efficient would probably be to configure that in your server's own firewall rather than on the router's firewall, as it was never really meant to handle complex firewall configuration, especially on this model that has limited nvram configuration storage.
 
Oh ok! So just the regular Windows firewall...
Good idea - I should have thought about this!

Thanks!
 
It might be simpler for you to "deny all" external IPs as the highest priority firewall rule and "allow" only specific IPs since you have a limited number of users.
 
It might be simpler for you to "deny all" external IPs as the highest priority firewall rule and "allow" only specific IPs since you have a limited number of users.
Good idea, but for that I need to know the IPs of each user, which might be an issue.
But indeed could be feasible....
Thanks for the input!
 
If you are using Windows as a web server you may want to consider switching to Linux. Windows seems to be easier to hack.
 
Most efficient would probably be to configure that in your server's own firewall rather than on the router's firewall, as it was never really meant to handle complex firewall configuration, especially on this model that has limited nvram configuration storage.
Installed Malwarebytes and it has been popping up that it has been stopping RDP 3389 access attempts. Looking at the logged source IPs it is definitely the same stuff they are talking about here:


But my port 3389 on the Merlinized AC-1900 router is not directly open so this seems odd to me although I do have a port forward/redirect set which routinely gets changed.

I have added 3 ranges of IPs to drop via a script in the router following instructions in another forum thread but can't help but wonder if the best way to keep the gremlins out is just to DROP the offender's entire IP range in my router? For example it appears that FLYSERVERS SA is hosting baddies so I just drop them from the get-go at the router and then the PC doesn't have to do another layer of protection.

Comments?
 
Check if it's using IPv4 or IPv6. IPv6 isn't NATed, therefore it does not require any port forward for a client to be reachable over the Internet through IPv6. You need to make sure that the IPv6 firewall is enabled on the router.
 
Check if it's using IPv4 or IPv6. IPv6 isn't NATed, therefore it does not require any port forward for a client to be reachable over the Internet through IPv6. You need to make sure that the IPv6 firewall is enabled on the router.


IP6 is off. Good enough?

IP6 firewall was on also
