[Fi011]

Hi all,
I'm having some issues with iptables not working properly. I just want to create a simple rule for SSH:
iptables -A INPUT -p tcp -s 95.181.21.42 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 95.181.21.42 --dport 22 -j ACCEPT
Then I ran the commands and saved them to the firewall. This is not my IP address, so with this setup, I shouldn't be able to SSH into the router, only 95.181.21.42 should be able to SSH. But I can still SSH in, with no problems. Same is for Web GUI managment.

But if I go to SSH and check the rules, I can see the rules applied. It looks they are ok.

root@KDC_Baki:~# iptables -vnL INPUT --line-numbers
Chain INPUT (policy ACCEPT 232 packets, 22177 bytes)
num pkts bytes target prot opt in out source destination
1 1 40 logdrop tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
2 0 0 ACCEPT tcp -- * * 95.181.21.42 0.0.0.0/0 tcp dpt:22
3 0 0 ACCEPT tcp -- * * 95.181.21.42 0.0.0.0/0 tcp dpt:22
root@KDC_Baki:~#

but I can still ssh into the router from my ip address with no issues. Any insights?
Also, what is the default logdrop 0.0.0.0 0.0.0.0 rule? Do I need to change it or delete it? Tried but it had no effect.
Any help would be greatly appreciated.

[Mile-Lile]

on Security/Firewall tab enable `Filter WAN NAT Redirection` and you wont be able to access anymore...

and BTW you have that option in GUI Administration\Management\Remote Access... choose SSH and WEB GUI Management then disable `Allow Any Remote IP` and enter wanted IP range...