DNS Binding

steviej1974
DD-WRT Novice


Joined: 27 Jun 2017
Posts: 13

Posted: Wed Jul 19, 2017 11:06    Post subject: DNS Binding
Hi, I have seen an old warning on DNS Binding attacks.

I assume dd-wrt has been hardened against this? Are there any other settings or firewall commands I need to enable to protect the dd-wrt router?

Thanks!
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6436
Location: UK, London, just across the river..

Posted: Wed Jul 19, 2017 13:54
In general those attacks are typical if you have another router running after it, LAN to WAN with NAT.
Also, the DD-WRT firewall is very versatile and solid.
In the Security tab you can tick a few boxes for DDoS attacks, and you can also add a few iptables commands... the thing is to know what you are doing and what to expect....

If you do nothing special with your router you can add those lines in Administration > Commands and save firewall...

iptables -t mangle -I PREROUTING -m conntrack --ctstate INVALID -j DROP
iptables -t mangle -I PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
iptables -t mangle -I PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
iptables -I INPUT -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get wan_ipaddr` -j DROP

There are also ad blocking scripts or country blocking scripts and so on... a variety of stuff...
Last thing is to make sure you are running a decent recent build...
ftp://ftp.dd-wrt.com/betas/

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
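
A check for the last rule in the post above, added here as an example and not part of the thread: the backticks are expanded when the firewall script runs, so this confirms from `iptables -L INPUT -n` output that the LAN-to-WAN-address DROP rule loaded with the current addresses. The function names and sample addresses are constructed, and treating an empty or 0.0.0.0 `wan_ipaddr` as "WAN not up" is an assumption.

```shell
# Added example, not from the thread. POSIX sh (busybox ash or bash).
# valid_ip4 ADDR: true only for a dotted quad with every octet in 0..255.
valid_ip4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# lan_cidr IP MASK: print NETWORK/PREFIX, the form iptables lists a source in.
lan_cidr() {
    valid_ip4 "$1" && valid_ip4 "$2" || return 1
    old_ifs=$IFS; IFS=.; set -- $1 $2; IFS=$old_ifs
    net="$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))"
    bits=0
    for o in "$5" "$6" "$7" "$8"; do
        case "$o" in
            255) bits=$((bits + 8)) ;; 254) bits=$((bits + 7)) ;;
            252) bits=$((bits + 6)) ;; 248) bits=$((bits + 5)) ;;
            240) bits=$((bits + 4)) ;; 224) bits=$((bits + 3)) ;;
            192) bits=$((bits + 2)) ;; 128) bits=$((bits + 1)) ;;
            0) ;; *) return 1 ;;
        esac
    done
    echo "$net/$bits"
}

# rule_loaded LAN_IP LAN_MASK WAN_IP, reading `iptables -L INPUT -n` on stdin.
# Returns 0 = DROP rule present, 1 = absent, 2 = inputs unusable (WAN not up).
# On the router: iptables -L INPUT -n | rule_loaded "$(nvram get lan_ipaddr)" \
#     "$(nvram get lan_netmask)" "$(nvram get wan_ipaddr)"
rule_loaded() {
    src=$(lan_cidr "$1" "$2") || return 2
    valid_ip4 "$3" && [ "$3" != "0.0.0.0" ] || return 2
    awk -v s="$src" -v d="$3" '
        $1 == "DROP" && $2 == "all" && $4 == s && $5 == d { found = 1 }
        END { exit !found }'
}

# Constructed sample listing (documentation addresses, not real output).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  192.168.1.0/24       203.0.113.5
EOF
}
sample_listing | rule_loaded 192.168.1.1 255.255.255.0 203.0.113.5 && echo "rule loaded"
```

A return code of 1 after a WAN address change means the rule still names the old address and the firewall script needs to be re-run.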
All times are GMT
