Posted: Tue Jul 06, 2010 0:38 Post subject: Block incoming IP address ranges for WRT54G V5.0
I wish to block several (six) incoming IP address ranges from my Linksys WRT54G V5.0 router, so that none of my home network can be accessed by this incoming traffic. My Linksys WRT54G V5.0 currently has Linksys firmware on it. I don’t wish to change the firmware unless I know for certain that dd-wrt will block incoming IP address ranges for me.
My knowledge of dd-wrt is very limited, as I haven’t used it yet. I do know that my router only supports the micro version of dd-wrt, as it only has 2MB of flash memory and has no capacity to add extra flash memory.
Will the micro version of dd-wrt for the WRT54G V5.0:
-support Iptables commands?
-enable firewall rules to be saved?
-enable the use of ‘iprange’ command?
Could someone please give me an example of command line text to block several different incoming IP address ranges (e.g. 216.115.77.0-216.115.77.255 and 64.79.147.0-64.79.147.255).
Posted: Tue Jul 06, 2010 1:44 Post subject: Re: Block incoming IP address ranges for WRT54G V5.0
Kiwi_Tim wrote:
Will the micro version of dd-wrt for the WRT54G V5.0:
-support Iptables commands?
-enable firewall rules to be saved?
-enable the use of ‘iprange’ command?
Could someone please give me an example of command line text to block several different incoming IP address ranges (e.g. 216.115.77.0-216.115.77.255 and 64.79.147.0-64.79.147.255).
Yes.
Yes, save it to the firewall script on the admin->commands page.
No, but you should be using netmasks anyways.
iptables -I FORWARD -s 216.115.77.0/24 -j DROP
iptables -I FORWARD -s 64.79.147.0/24 -j DROP _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
You should be able to just find the IP('s) of the login servers and block those instead of everything the company uses. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
I installed the router at my brothers house, where the gaming addicted nephews live, came back and checked remotely 3 hours later using LogMeIn, and my firewall command lines had disappeared. These boys wouldn't know how to hack my admin password, and they didn't do a hard reset, so I guess they must have just repowered the WRT54G V5.0.
Would repowering the router result in a loss of firewall commands. I can't physically check that now as I'm over 100km away from the router, but I can access the router's webpage (using LogMeIn).
If firewall commands can be lost by repowering the router, is there a way to make the router retain the firewall commands after repowering it?
By the way, I found out how to add a service for Runescape Under 'Access Restrictions', 'Blocked Services'. I just had to add the service and put in the TCP port range of 43594–43595.
Posted: Sun Jul 11, 2010 8:23 Post subject: Re: Block incoming IP address ranges for WRT54G V5.0
phuzi0n wrote:
Kiwi_Tim wrote:
Will the micro version of dd-wrt for the WRT54G V5.0:
-support Iptables commands?
-enable firewall rules to be saved?
-enable the use of ‘iprange’ command?
Could someone please give me an example of command line text to block several different incoming IP address ranges (e.g. 216.115.77.0-216.115.77.255 and 64.79.147.0-64.79.147.255).
Yes.
Yes, save it to the firewall script on the admin->commands page.
No, but you should be using netmasks anyways.
iptables -I FORWARD -s 216.115.77.0/24 -j DROP
iptables -I FORWARD -s 64.79.147.0/24 -j DROP
If you didn't save it to the firewall script then it will be wiped out whenever the firewall is rebuilt. If you did save it as a firewall script then it should still be there. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)