Port Blocking

From DD-WRT Wiki


This tutorial shows basic iptables commands for blocking traffic that passes through your router, for example stopping LAN clients from reaching a given port.

Example:

Web = Port 80
FTP = Port 21

In order to set rules on specific ports, you need to use iptables. You have more control running iptables from an SSH or Telnet session. If you feel more comfortable running commands via the router's web interface, you can log in to the Administration/Diagnostics page and enter the commands in the Command Shell there.

Commands

Port Blocking - Block all users from reaching port 80:

iptables -I FORWARD -p tcp --dport 80 -j DROP

Port Blocking - Block a SINGLE user from reaching port 21:

iptables -I FORWARD -s 192.168.1.101 -p tcp --dport 21 -j DROP

Port Blocking - Block a RANGE of users from reaching port 21 (requires the iprange match, which is not available in most embedded builds):

iptables -I FORWARD -m iprange --src-range 192.168.1.1-192.168.1.101 -p tcp --dport 21 -j DROP

Port Blocking - Block a RANGE of users from reaching port 21 based upon a SUBNET:

iptables -I FORWARD 1 -s 192.168.1.0/24 -p tcp --dport 21 -j DROP

List iptables - List the rules in a chain or all chains:

iptables -L

Undo Rule - Delete rule rulenum (1 = first) from chain:

iptables -D FORWARD 1

Flush Rules from iptables - Delete all rules in a chain, or (with no chain given) in every chain:

iptables -F

Multiple Ports - Create multiple rules:

iptables -I FORWARD -p tcp --dport 21 -j DROP
iptables -I FORWARD -p tcp --dport 80 -j DROP

Or, just use one rule to accomplish the same thing:

iptables -I FORWARD -p tcp -m multiport --dports 21,80 -j DROP

Port Range - Use a colon to select a port range (Port 21 through 80 will be closed):

iptables -I FORWARD 1 -p tcp --dport 21:80 -j DROP
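An added example, not part of this wiki page: rules entered in the Command Shell are gone after a reboot, and a firewall script that DD-WRT re-runs on every WAN reconnect would add a fresh copy of each `iptables -I` rule every time. These small POSIX sh helpers wrap the FORWARD-chain blocks above so they are only inserted when missing. The function names and the `IPTABLES` override variable are my own choices, and the check assumes a build whose iptables supports `-C`.

```shell
#!/bin/sh
# Idempotent versions of the page's port blocks (added example, not DD-WRT code).
# IPTABLES can be overridden so the helpers can be dry-run without root.
IPTABLES="${IPTABLES:-iptables}"

# rule_exists CHAIN ARGS... : true if an identical rule is already in CHAIN
rule_exists() {
    chain="$1"; shift
    "$IPTABLES" -C "$chain" "$@" 2>/dev/null
}

# ensure_rule CHAIN ARGS... : insert at the top of CHAIN only when absent
ensure_rule() {
    chain="$1"; shift
    if rule_exists "$chain" "$@"; then
        return 0
    fi
    "$IPTABLES" -I "$chain" 1 "$@"
}

# block_port PORT [SOURCE] : drop forwarded TCP to PORT, optionally only from SOURCE
block_port() {
    port="$1"; src="${2:-}"
    if [ -n "$src" ]; then
        ensure_rule FORWARD -s "$src" -p tcp --dport "$port" -j DROP
    else
        ensure_rule FORWARD -p tcp --dport "$port" -j DROP
    fi
}

# block_ports PORT,PORT,... : one multiport rule instead of one rule per port
block_ports() {
    ensure_rule FORWARD -p tcp -m multiport --dports "$1" -j DROP
}
```

Pasting the helpers plus calls such as `block_port 80` and `block_ports 21,80` into the firewall script (Administration/Commands, Save Firewall) gives the same result on every run instead of a growing stack of duplicates.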

See Also

Iptables command - Lists all available commands for use in iptables
Telnet/SSH and the Command Line - How to on Telnet and SSH

External Resources

PortForward - List of the most commonly used ports