iptables


  1. R

    How to setup VPN client routes via SSH

    My end goal is to route all traffic hitting a specific media service through my VPN client. I've got a list of IPs that is dynamically updated using this service's various URLs. I'd like to force any traffic coming from any device on my network that is destined for one of these IPs, to go over...
  2. A

    Custom IPTables Rules for DNS Redirect

    I want to add some rules into iptables so that my Google/Nest smart devices stop calling Google DNS directly, and the Google DNS calls they do are redirected to my AdGuard Home DNS server which will reply with the appropriate DNS records. I know I can probably use DNSFiltering, but want to...
  3. jenny5353

    RT-AC66U B1 Hacked - Suspicious Entries in iptables

    My router was recently hacked and I was locked out. I've done several factory resets, 2 hard factory resets, put the router in rescue mode and flashed the latest beta firmware about 8 times. Could anyone please tell me if the following entries are supposed to be in iptables? I've flushed the...
  4. H

    R7800 openfortivpn & Iptables, how do I make it work?

    Hello. I have an R7800 with Router Firmware Version V1.0.2.83SF and I installed openfortivpn - 1.15.0-1 which is creating interface PPP1. I can connect to the VPN at work, but from the LAN I cannot access the servers at work. Everything is done from the router, via SSH. Pinging a server...
  5. A

    DNS-over-TLS - disable possibility for regular DNS requests from asus router

    Hi, Long time reader of these forums and grateful for all the advice. Running RT-AC86U smoothly. Configured DNS-over-TLS with all DNS traffic from LAN intercepted and answered by Router. This works flawlessly. (Got answer back for a "dig nas.lan @1.1.1.1 that only exists on my lan and couldn't...
  6. HELLO_wORLD

    Discussion on improving the firewall

    Hello to all. In a constant quest to improve security of the firewall, I recently added some rules to deal with port scan. The idea of this thread is to share our experiences and experimentation to make our firewalls better. It is open to comments, critics, improvements, etc... Here is my...
  7. HELLO_wORLD

    Aegis Aegis (simple yet effective protection)

    Due to new forum rules on threads older than six months, here is a fresh new one, good until April 2021. Previous thread Aegis A firewall blocklist script for Netgear R7800 and R9000 Routers with Voxel firmware. Should work with some other models as well. What is it? It is a script that...
  8. ThePooBurner

    Is there a script for configuring VLANs?

    Hi everyone. I've been scouring this forum for a couple months now looking for information on using VLANs via scripting and trying to make sense of everything that I've read. I'm not making this post lightly, as in most of what I've read there seem to be a lot of "You should have searched first...
  9. S

    DNS redirect to local DNS server

    Hi! Some of my devices use a hard-coded DNS server, i.e. 8.8.8.8. I like to re-direct this DNS traffic to my local unbound DNS server by using the firewall script of my AC86 router. I use the following IPTABLES commands. The rule is added correctly to iptables. Are these rules correct and how...
  10. G

    iptables entries not run from openvpn-event on reboot

    I'm running version 384.17 of Asuswrt-Merlin on an RT-AC66U_B1, I have an openvpn-event script in /jffs/scripts that uses a template that calls a vpnserver1-up and vpnserver1-down script. These up and down scripts contain custom rules I add to the iptables, the first and most important being the...
  11. HELLO_wORLD

    Aegis aegis: a firewall blocklist

    aegis is the successor of firewall-blocklist: https://www.snbforums.com/threads/r7800-r9000-probably-others-blocklist-based-firewall-addon.63241/ It starts with version 1.0.0, but is more recent than latest firewall-blocklist aegis A firewall blocklist script for Netgear R7800 and R9000 Routers...
  12. E

    AsusWRT Merlin iptables

    Hello there! I have several (smarthome) devices that phone home while that is not necessary due to local integration. To block devices from accessing the internet I usually use the 'Block Internet Access' function in the GUI. It seems this function uses DROP to block access. The smarthome...
  13. solstyce

    how to debug an iptable problem?

    I'm an iptables savage - I know just enough to know how thoroughly I could ruin my network configuration, and could use some help. I've tried to wrap my head around iptables several times over the years, and each time stagger away with a headache. I've run into a problem where my AC68U drops...
  14. amplatfus

    [SOLVED] Firewalling Samba for one manually assigned IP

    Hi all, I am trying to restrict access to router external USB storage with SAMBA active. I tried using below rules in firewall, but nothing worked. Could you please provide some things to try? iptables -A FORWARD -s 172.16.0.242 -d 172.16.0.1 -p tcp --sport 137:139 -j DROP iptables -A FORWARD...
  15. HELLO_wORLD

    [R7800] warnings with iptables

    Hello to all, Several R7800 users (maybe other models too) noticed some warnings when restarting the firewall. It does not seem to affect the router functionality, but since a good chunk of people here are working to make this router better, it would be nice to go to the bottom of these...
  16. HELLO_wORLD

    [R7800, R9000 & probably others] Blocklist based Firewall addon

    DEPRECATED Now use aegis: https://www.snbforums.com/threads/aegis-a-firewall-blocklist.64128/ I made a blocklist based firewall addon for myself, and I improved it to share it here as it can interest others. Firewall Blocklist Firewall blocklist script for Netgear R7800 and R9000 Routers...
  17. N

    Anybody able to get NoDogSplash working?

    I'm trying to build NoDogSplash on AsusWrt Merlin 384.14. Compile is fine, configuration also ok. But when I start nodogsplash, it complains that iptables version is too low. It requires 1.4.17, and AsusWrt Merlin using iptables 1.4.15. Manually lower requirement to v1.4.15 cause error like...
  18. ihoman202

    Need Help Resetting IPSet / IPTables

    I have ASUS Merlin on an ASUS RT-AC68U on the latest firmware as of this post it's 384.13 and decided to try the Asus Merlin SkyNet Project but it made things really bizarre really quickly - My Family uses Charter / Spectrum and I use a Verizon Modem on my own ASUS routers - regardless both of...
  19. F

    Question regarding haproxy and iptables

    I've installed haproxy via entware so that I can tunnel both openvpn (running on router) and a separate locally hosted https server through port 443 of my router. I need to tunnel openvpn over port 443 because some WiFis block access to non standard ports and I need https over 443 so that the...
  20. P

    [R9000] iptables / dns redirect issue

    Hello, I've been having a weird issue that I've been unable to solve and could use some help. I'm running an R9000 with Voxel's latest firmware. I also have a Raspberry Pi on the network serving DNS over Cloudflared DoH (DNS over HTTPS). The R9000 IPv4 DNS is set to 10.0.0.247 (the Pi) without...