Block incoming IP address ranges for WRT54G V5.0

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
Kiwi_Tim
DD-WRT Novice


Joined: 05 Jul 2010
Posts: 4

PostPosted: Tue Jul 06, 2010 0:38    Post subject: Block incoming IP address ranges for WRT54G V5.0 Reply with quote
I wish to block several (six) incoming IP address ranges from my Linksys WRT54G V5.0 router, so that none of my home network can be accessed by this incoming traffic. My Linksys WRT54G V5.0 currently has Linksys firmware on it. I don’t wish to change the firmware unless I know for certain that dd-wrt will block incoming IP address ranges for me.

My knowledge of dd-wrt is very limited, as I haven’t used it yet. I do know that my router only supports the micro version of dd-wrt, as it only has 2MB of flash memory and has no capacity to add extra flash memory.

Will the micro version of dd-wrt for the WRT54G V5.0:

-support Iptables commands?

-enable firewall rules to be saved?

-enable the use of ‘iprange’ command?

Could someone please give me an example of command line text to block several different incoming IP address ranges (e.g. 216.115.77.0-216.115.77.255 and 64.79.147.0-64.79.147.255).

Many thanks,

Tim
New Zealand
Sponsor
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Tue Jul 06, 2010 1:44    Post subject: Re: Block incoming IP address ranges for WRT54G V5.0 Reply with quote
Kiwi_Tim wrote:
Will the micro version of dd-wrt for the WRT54G V5.0:

-support Iptables commands?

-enable firewall rules to be saved?

-enable the use of ‘iprange’ command?

Could someone please give me an example of command line text to block several different incoming IP address ranges (e.g. 216.115.77.0-216.115.77.255 and 64.79.147.0-64.79.147.255).

Yes.

Yes, save it to the firewall script on the admin->commands page.

No, but you should be using netmasks anyways.


iptables -I FORWARD -s 216.115.77.0/24 -j DROP
iptables -I FORWARD -s 64.79.147.0/24 -j DROP

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Kiwi_Tim
DD-WRT Novice


Joined: 05 Jul 2010
Posts: 4

PostPosted: Wed Jul 07, 2010 23:56    Post subject: Reply with quote
Thanks for the advice. I successfully converted my WRT54G V5.0 to dd-wrt micro, and it all works very well.

Your netmask commands do the job perfectly.

One more question for you.

What I am attempting to do is block my teenage nephews from playing the game Runescape. They would play it 24/7 if they could.

I now have a list of 53 netmasks for Runescape servers in a text file and excel file. Should I just type 53 command lines, or is there a smarter way?

Under 'Access Restrictions', 'Blocked Services', I see there is an entry for 'RunesOfMagic'. Is there anyway to add 'Runescape'?

Many thanks,
Tim
New Zealand
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Thu Jul 08, 2010 0:45    Post subject: Reply with quote
You should be able to just find the IP('s) of the login servers and block those instead of everything the company uses.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Kiwi_Tim
DD-WRT Novice


Joined: 05 Jul 2010
Posts: 4

PostPosted: Sun Jul 11, 2010 8:11    Post subject: Reply with quote
Hello again,

I installed the router at my brothers house, where the gaming addicted nephews live, came back and checked remotely 3 hours later using LogMeIn, and my firewall command lines had disappeared. These boys wouldn't know how to hack my admin password, and they didn't do a hard reset, so I guess they must have just repowered the WRT54G V5.0.

Would repowering the router result in a loss of firewall commands. I can't physically check that now as I'm over 100km away from the router, but I can access the router's webpage (using LogMeIn).

If firewall commands can be lost by repowering the router, is there a way to make the router retain the firewall commands after repowering it?

By the way, I found out how to add a service for Runescape Under 'Access Restrictions', 'Blocked Services'. I just had to add the service and put in the TCP port range of 43594–43595.

Many thanks for your help,

Tim
New Zealand
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10143

PostPosted: Sun Jul 11, 2010 8:23    Post subject: Re: Block incoming IP address ranges for WRT54G V5.0 Reply with quote
phuzi0n wrote:
Kiwi_Tim wrote:
Will the micro version of dd-wrt for the WRT54G V5.0:

-support Iptables commands?

-enable firewall rules to be saved?

-enable the use of ‘iprange’ command?

Could someone please give me an example of command line text to block several different incoming IP address ranges (e.g. 216.115.77.0-216.115.77.255 and 64.79.147.0-64.79.147.255).

Yes.

Yes, save it to the firewall script on the admin->commands page.

No, but you should be using netmasks anyways.


iptables -I FORWARD -s 216.115.77.0/24 -j DROP
iptables -I FORWARD -s 64.79.147.0/24 -j DROP

If you didn't save it to the firewall script then it will be wiped out whenever the firewall is rebuilt. If you did save it as a firewall script then it should still be there.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum