Posted: Sun Jun 18, 2017 14:39 Post subject: Can't reject/block external IP to INPUT or FORWARD?
Router: Netgear R7000
Firmware: DD-WRT v3.0-r32170M kongac (06/10/17)
Previous: Automatic Updates Enabled
Kernel: Linux 4.4.70 #336 SMP Sat Jun 10 17:52:48 CEST 2017 armv7l
Status: Load Average: 0.06, 0.09, 0.05
Hello All,
I'm trying to block a nasty spammer. My setup is simple - ports are being forwarded to a server on my internal subnet. The DD-WRT gateway has a static IP from my ISP, and the default firewall settings are enabled, again with a handful of forwarded TCP/UDP ports to my internal IP (server). This is accomplished with the NAT/Port Forwarding tabs.
I'm using the following iptables commands to drop traffic coming from the spammer's IP, but traffic gets through and spam is still hitting my mail server. I might also add this worked a while back without issues. Here's another post I made a year ago:
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Sun Jun 18, 2017 16:46 Post subject:
I have many of those rules, some even regarding whole ranges of IPs. I can see those rules are clearly working as there are some dropped packets... but yep, some of them stayed at zero (0), but if I try to dial any of those IPs in that range, the connection is denied... so I believe they are working...
The only way those rules would not work, I guess, is if there are some applications or malware running in the background, opening those connections from inside...
They are definitely not working with my DD-WRT gateway - mail still gets through to posix. I don't know how malware could open up ports or change iptables or even bypass it? UPnP is disabled.
I'm running clamav now on the server, but I'm pretty sure that's not an issue.
To check if packets are being dropped, ssh to your unit and type:
Code:
iptables -vnL INPUT
To see your firewall rules, type:
Code:
cat /tmp/.ipt
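As an added example (not code from this thread or from the DD-WRT project), a small shell helper that reads the counters out of the `iptables -vnL` output described above, for both INPUT and FORWARD, since traffic that is port-forwarded (DNAT) to an internal server traverses FORWARD rather than INPUT; the sample output, chain contents and addresses are constructed.

```shell
#!/bin/sh
# Constructed sample of `iptables -vnL` output (not captured from any real
# router): a DROP rule for the same example source address in each chain.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  123  9840 DROP       all  --  vlan2  *       203.0.113.45         0.0.0.0/0
    0     0 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4421 9901k ACCEPT     tcp  --  vlan2  br0     0.0.0.0/0            192.168.1.10         tcp dpt:25
    0     0 DROP       all  --  vlan2  *       203.0.113.45         0.0.0.0/0'

# On the router, swap this for:  rules_source() { iptables -vnL; }
rules_source() { printf '%s\n' "$SAMPLE_RULES"; }

# drop_pkts CHAIN SRC_IP: packet counter of the first DROP rule in CHAIN whose
# source column equals SRC_IP; prints -1 when no such rule exists.
# Columns of -vnL output: pkts bytes target prot opt in out source destination
drop_pkts() {
    rules_source | awk -v chain="$1" -v ip="$2" '
        /^Chain / { cur = $2; next }
        cur == chain && $3 == "DROP" && $8 == ip { print $1; found = 1; exit }
        END { if (!found) print "-1" }'
}

# rule_position CHAIN SRC_IP: 1-based position of that DROP rule in CHAIN.
# A DROP appended with -A below the port-forward ACCEPT (position 2 here)
# never sees the forwarded packets; it must be inserted above with -I.
rule_position() {
    rules_source | awk -v chain="$1" -v ip="$2" '
        /^Chain / { cur = $2; n = 0; next }
        /^ *pkts / { next }
        cur == chain { n++; if ($3 == "DROP" && $8 == ip) { print n; found = 1; exit } }
        END { if (!found) print "-1" }'
}

echo "INPUT   drops for 203.0.113.45: $(drop_pkts INPUT 203.0.113.45)"
echo "FORWARD drops for 203.0.113.45: $(drop_pkts FORWARD 203.0.113.45)"
echo "FORWARD rule position:          $(rule_position FORWARD 203.0.113.45)"
```

A zero counter together with a rule position below the ACCEPT rule is the ordering problem the thread is circling around, rather than the rule itself being wrong.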
Mile-Lile
That's an interesting iptables command. I'll give it a shot and report back. What do you think about using "vlan2" as opposed to "get_wanface" with your suggestion?