Block IP Address

RAMoMATIC
DD-WRT Novice


Joined: 04 Jan 2009
Posts: 44

Posted: Tue Jan 06, 2009 3:18    Post subject: Block IP Address
I have a Linksys WRT54GS v7.2 router with DD-WRT Micro and I want to know how to block an IP address using telnet. Not just block them from accessing 1 port, I want to block them from the entire router.

Can you guys please show me how to block an IP address and how to unblock an IP address using telnet?
RAMoMATIC
DD-WRT Novice


Joined: 04 Jan 2009
Posts: 44

Posted: Tue Jan 06, 2009 6:23
Still waiting for someone to help me out here...
bjoeg
DD-WRT User


Joined: 26 May 2008
Posts: 416

Posted: Tue Jan 06, 2009 6:58
With IPfilter
RAMoMATIC
DD-WRT Novice


Joined: 04 Jan 2009
Posts: 44

Posted: Tue Jan 06, 2009 7:00
bjoeg wrote:
With IPfilter
Does my router already have IPfilter?
bjoeg
DD-WRT User


Joined: 26 May 2008
Posts: 416

Posted: Tue Jan 06, 2009 7:05
Sorry, meant iptables, which is explained in the Wiki.
RAMoMATIC
DD-WRT Novice


Joined: 04 Jan 2009
Posts: 44

Posted: Tue Jan 06, 2009 7:12
bjoeg wrote:
Sorry, meant iptables, which is explained in the Wiki.
Alright, can you please give me the exact command to use to drop an IP address permanently and the command to unban an IP address?
bjoeg
DD-WRT User


Joined: 26 May 2008
Posts: 416

Posted: Tue Jan 06, 2009 7:20
Read the Wiki
http://www.dd-wrt.com/wiki/index.php/Iptables
RAMoMATIC
DD-WRT Novice


Joined: 04 Jan 2009
Posts: 44

Posted: Tue Jan 06, 2009 7:38
bjoeg wrote:
Read the Wiki
http://www.dd-wrt.com/wiki/index.php/Iptables
I did, but I don't know which one I use exactly to block IPs and unblock IPs. I'm very new to DD-WRT so I hardly get any of this stuff.
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

Posted: Tue Jan 06, 2009 7:48
iptables -I INPUT -s IP_TO_BLOCK -j DROP
iptables -I FORWARD -s IP_TO_BLOCK -j DROP

To unblock is even easier. You just delete those lines from the table using iptables -D.

Should be tested from telnet, but it's not permanent. Only permanent if you save as script as mentioned in the wiki.
RAMoMATIC
DD-WRT Novice


Joined: 04 Jan 2009
Posts: 44

Posted: Tue Jan 06, 2009 8:03
soulstace wrote:
iptables -I INPUT -s IP_TO_BLOCK -j DROP
iptables -I FORWARD -s IP_TO_BLOCK -j DROP

To unblock is even easier. You just delete those lines from the table using iptables -D.

Should be tested from telnet, but it's not permanent. Only permanent if you save as script as mentioned in the wiki.
Great!! It worked :) But now how about unblocking the IP? I put iptables -D but the IP is still blocked.
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

Posted: Tue Jan 06, 2009 8:09
Well, you need to give iptables -D the chain and line number of the line you want to delete.

List the line numbers with iptables -L --line

Then do iptables -D INPUT # and iptables -D FORWARD #
RAMoMATIC
DD-WRT Novice


Joined: 04 Jan 2009
Posts: 44

Posted: Tue Jan 06, 2009 8:18
soulstace wrote:
Well, you need to give iptables -D the chain and line number of the line you want to delete.

List the line numbers with iptables -L --line

Then do iptables -D INPUT # and iptables -D FORWARD #
Great! That worked like a charm :D And as for keeping an IP address blocked forever, I would need to hit Save Firewall, correct?

Also, if I just hit Run Commands, will it only store the blocked IPs until my router restarts?
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

Posted: Tue Jan 06, 2009 8:29
If you just use Run Commands, or even telnet, there is the possibility that the rules get lost when the interface restarts. Save Firewall is the safest way once you're sure the rules work correctly.

However, do not store iptables -D in a firewall script without some checks in place to make sure it deletes the right thing. Otherwise you run the risk of deleting the wrong lines and breaking the configuration.
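
An added example, not part of any post in this thread: one way to put the checks mentioned above in place before running iptables -D by line number. The listing is constructed sample data using documentation addresses, the function names are hypothetical, and a shell with awk and sort is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Picks out only the plain
# "-s IP -j DROP" rules for one address from a chain listing and prints the
# matching iptables -D commands, so the wrong line is never deleted.

# Constructed listing in the format of `iptables -L INPUT -n --line-numbers`.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.7          0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    DROP       all  --  203.0.113.70         0.0.0.0/0
4    DROP       tcp  --  203.0.113.7          0.0.0.0/0           tcp dpt:23
5    DROP       all  --  203.0.113.7          0.0.0.0/0
EOF
}

# drop_rule_numbers IP
# Reads a listing on stdin. Prints the numbers of rules that are exactly
# "DROP all -- IP 0.0.0.0/0" with no extra match, highest number first.
# String equality on the source column keeps 203.0.113.70 from matching
# 203.0.113.7, which a substring grep would get wrong.
drop_rule_numbers() {
    awk -v ip="$1" '
        $1 ~ /^[0-9]+$/ && $2 == "DROP" && $3 == "all" &&
        $5 == ip && $6 == "0.0.0.0/0" && NF == 6 { print $1 }
    ' | sort -rn
}

# delete_commands CHAIN IP
# Deleting a rule renumbers everything below it, so the commands are emitted
# from the highest line number down and each number stays valid when it runs.
delete_commands() {
    chain=$1
    drop_rule_numbers "$2" | while read -r num; do
        echo "iptables -D $chain $num"
    done
}

# Demo on the constructed listing. On a router the input would instead be:
#   iptables -L INPUT -n --line-numbers | delete_commands INPUT 203.0.113.7
sample_listing | delete_commands INPUT 203.0.113.7
```

iptables -D also accepts the full rule specification instead of a line number, for example iptables -D INPUT -s IP_TO_BLOCK -j DROP, which removes the first rule that matches it.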
RAMoMATIC
DD-WRT Novice


Joined: 04 Jan 2009
Posts: 44

Posted: Tue Jan 06, 2009 8:37
soulstace wrote:
If you just use Run Commands, or even telnet, there is the possibility that the rules get lost when the interface restarts. Save Firewall is the safest way once you're sure the rules work correctly.

However, do not store iptables -D in a firewall script without some checks in place to make sure it deletes the right thing. Otherwise you run the risk of deleting the wrong lines and breaking the configuration.
Alright. Also, for this iptables drop command, this blocks me from connecting to the IP and the IP connecting to me, correct?
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

Posted: Tue Jan 06, 2009 8:44
RAMoMATIC wrote:
this blocks me from connecting to the ip ... correct?


Not necessarily. It blocks the IP from connecting to you.

If you want to block in the other direction, you also need something like:

iptables -I FORWARD -s 192.168.1.0/24 -d IP_TO_BLOCK -j DROP

It's fairly easy to understand. -s is the source address and -d is the destination. -I means Insert a rule into the FORWARD chain and -j DROP means DROP.

In other words, if a packet is sourced from 192.168.1.0/24 and destined to IP_TO_BLOCK, it is DROPped.
All times are GMT