
Configuring iptables script for DD-WRT

ryan256

I run an email server from my home. I have noticed several attempts to brute force my server from IP addresses in China and other countries. When this happens I look up the IP addresses on apnic.net or ripe.net and then add a rule to my router to ban their whole subnet. I want to ban them at my router, not my email server because I don't want them to even see my network anymore.
I don't think this script works correctly though. My office has 2 networks with 2 different public IP addresses. My phone was connected to network1 and my workstation on network2. I connected to my router from my workstation and added a rule to drop all traffic on a subnet that included the public IP address of network1, but not network2. I then tried to RDP to my email server from my phone and was able to do so. My phone should have been blocked from connecting.

Here is a sample of the iptables script I have built so far. I don't think it works correctly though and would like some help.
Code:
iptables -I INPUT -s 105.236.0.0/16 -j DROP
iptables -I INPUT -s 110.234.0.0/15 -j DROP
iptables -I INPUT -s 114.80.0.0/12 -j DROP
iptables -I INPUT -s 118.0.0.0/8 -j DROP
iptables -I INPUT -s 121.128.0.0/10 -j DROP
iptables -I INPUT -s 122.224.36.24/29 -j DROP
iptables -I INPUT -s 124.192.0.0/15 -j DROP
iptables -I INPUT -s 134.208.0.0/16 -j DROP
iptables -I INPUT -s 144.32.0.0/12 -j DROP
iptables -I INPUT -s 183.192.0.0/10 -j DROP
iptables -I INPUT -s 188.124.8.0/24 -j DROP
iptables -I INPUT -s 193.87.172.128/25 -j DROP
iptables -I INPUT -s 200.68.80.0/20 -j DROP
iptables -I INPUT -s 202.164.41.16/28 -j DROP
iptables -I INPUT -s 202.85.208.0/20 -j DROP
iptables -I INPUT -s 203.197.0.0/16 -j DROP
iptables -I INPUT -s 203.40.0.0/13 -j DROP
iptables -I INPUT -s 204.133.174.0/29 -j DROP
iptables -I INPUT -s 209.172.34.128/27 -j DROP
iptables -I INPUT -s 209.190.128.0/18 -j DROP
Bump.
Could really use some help on this from someone please. I'm very new to making iptables configurations.
 
I'm guessing that you have a rule that forwards your RDP port and that rule accepts the connection before the blocking rules are evaluated, just a guess on my part. Try going at it with nmap and see what you get.

Nmap is a free scanning tool; you can get it here: http://nmap.org/

Since you are running DD-WRT, you should be extra careful that UPnP is turned off. Pretty much all of the open-source implementations have an exploitable vulnerability.

If you access the router via ssh you can output the rules with "iptables -L" if you have any doubts about your rules being applied.
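The likely reason the phone got through: every rule in the posted script is in the INPUT chain, which only governs traffic addressed to the router itself, while a port forward to the email server is DNATed and then passes through the FORWARD chain, so those DROP rules never see it. Below is an added example script, not code from either poster, that puts each blocked range into one chain and hooks that chain ahead of both INPUT and FORWARD; the chain name BLOCKLIST, the three sample ranges (copied from the list above) and the assumption that DD-WRT's Firewall startup script calls it with "apply" are mine.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed setup: a DD-WRT router whose
# Administration > Commands "Firewall" script runs this file with "apply".
# One chain holds every blocked range, and both INPUT (traffic to the router
# itself) and FORWARD (port-forwarded traffic to the mail server) jump to it
# before any other rule, so a blocked subnet cannot reach either.

IPT="${IPT:-iptables}"   # IPT=echo prints the rules instead of applying them
CHAIN="BLOCKLIST"        # assumed chain name

# Constructed sample taken from the list above; replace with your own ranges.
BLOCKED_NETS="105.236.0.0/16 118.0.0.0/8 203.40.0.0/13"

# Accept only a.b.c.d/n with octets 0-255 and prefix 0-32, so a typo in the
# list is reported instead of becoming an unexpected rule.
valid_cidr() {
  case "$1" in *[!0-9./]*|*..*|*//*|/*|*/|"") return 1 ;; esac
  ip="${1%/*}"; pfx="${1#*/}"
  [ "$ip" != "$1" ] && [ "$pfx" -le 32 ] 2>/dev/null || return 1
  set -- $(echo "$ip" | tr . ' ')
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
  return 0
}

# Rebuild the chain from scratch and hook it at position 1 of both chains.
# Re-running is safe: the old jump is removed before a new one is inserted, so
# DD-WRT re-running the firewall script on WAN reconnect does not pile up copies.
apply_blocklist() {
  $IPT -N "$CHAIN" 2>/dev/null   # no-op if the chain already exists
  $IPT -F "$CHAIN"
  for net in $BLOCKED_NETS; do
    if valid_cidr "$net"; then
      $IPT -A "$CHAIN" -s "$net" -j DROP
    else
      echo "skipping invalid entry: $net" >&2
    fi
  done
  for hook in INPUT FORWARD; do
    $IPT -D "$hook" -j "$CHAIN" 2>/dev/null
    $IPT -I "$hook" 1 -j "$CHAIN"
  done
}

case "${1:-preview}" in
  apply)   apply_blocklist ;;            # real run, from the firewall script
  preview) IPT=echo apply_blocklist ;;   # dry run: print what would be done
esac
```

Run it with no argument first to print the rules it would apply; after a real run, `iptables -L FORWARD -n --line-numbers` on the router should show the BLOCKLIST jump at line 1, which is the check that the forwarded RDP/mail traffic is now covered.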