iptables


  1. D

    Iptables -j SET target

    Does the current version of Asuswrt-Merlin support the iptables SET target? When running the command below ... iptables -A INPUT -p tcp -m multiport --dports 23,1433 -j SET --add-set test2 src ... the response is ... iptables: No chain/target/match by that name. There is an existing IP hash:ip...
  2. D

    Default iptables rules

    When reading the output of iptables-save, the eth0 interface is referenced in the default iptables rules, but not vlan2 (wanface). Why is that?
  3. orion44

    How to remove entry from FORWARD chain in iptables?

    I would like to remove an entry in the FORWARD chain in iptables that contains a device that was previously blocked from WAN (internet) access via the GUI. This device is no longer in service, so I'd prefer to delete the entry rather than keep it for eternity. Is this possible from the GUI if...
  4. zmaster

    Custom firewall-start script for OpenVPN (country allow list)

    Hi guys, I've been a reader of this forum for quite some time and I have a RT-AC68U for almost 2.5 years now but flashed Merlin's firmware last week. My reason to flash was OpenVPN 2.4.x. My Synology was a bit behind and I don’t like services being exposed to the internet when they are not...
  5. U

    [SOLVED-FOR REAL] rc_service: skip the event: start_firewall.

    This is an issue that cropped up recently and I am at a loss for why it is happening. When the router is restarted (method does not matter) there is something in the syslog "rc_service: skip the event: start_firewall.". Basically the firewall does not start. When this happens I can only access...
  6. swetoast

    Privacy Filter (Another IPSET Script)

    Hi Everyone, I'm back with another IPSET for your firewall; this time around it's for blocking Telemetry and some Android Rootkit along with Shodan.io Scanners. For official installation instructions and more information please consult the wiki about the information. NOTE: for all users running...
  7. S

    Need help with nat-start script.

    Since I enabled the FTP server on my NAS I've been getting several log alerts in my mail about failed login attempts. This is part of the log that is sent to my email from my NAS 2016-12-26 19:26:20 alert Failed pure-ftpd login attempt (incorrect password or inexistent username). The details...
  8. P

    why VPN ignores my DROP rule?

    OpenVPN server is configured with Push LAN to clients Yes. Now, I want to forbid it to access anything on the server side. What is wrong with the: iptables -I FORWARD -s 10.37.0.0/24 -j DROP that allows access to my router (192.168.1.1)? I want to do the opposite, but I do not know how: I...
  9. P

    Limiting incoming VPN client to the single local address bidirectionally

    I need to let someone connect to my LAN, using OpenVPN and connect them to Virtual machine at 192.168.1.5:5555. This VPN connection must be bidirectional as my local Virtual machine must print at their remote printer. They must be strictly limited to be able to access only that VM and nothing...
  10. A

    RT-AC87U Problem start script to block open ports! Asus Merlin 380.59

    Hello Guys, in advance I would apologize for my bad English. I use the OpenVPN Client on my Router to route my internet traffic over VPN. Over the normal WAN IP the ports are not accessible from outside. But when I enable my VPN Connection via "Client 2" some ports are open from outside. The...
  11. waspinator

    Virtual IP: translating WAN IPs to LAN IPs

    Hi, I've got a bunch of WAN IPs which I want to translate to a bunch of LAN IPs, but only open some ports. None of WAN IPs I want to translate are the primary WAN IP the router uses to connect to the internet. For example I want to translate - WAN IP 216.58.216.238 to LAN IP 10.10.10.10 and...
  12. M

    Forwarding wireless traffic (wl0.1)

    Hi all, I am trying, unsuccessfully, to route all traffic from one of my guest networks. I thought I'd copy the routing that Merlin used for the TOR setup (I want to route to the TOR proxy) so I tried this: iptables -t nat -A PREROUTING -i wl0.1 -p udp --dport 53 -j REDIRECT --to-ports 9053...
  13. A

    Network Services Filter: how can I block internet access only at specific times?

    Forgive me if this has been addressed elsewhere, but I've searched everywhere in this subforum and found nothing (current, at least) that has helped me fix this. My goal is to block only internet on one device from TIME 1 to TIME 2 (ideally, 10p to 6p, but I'm not sure if that's possible given...
  14. M

    Iptables on lan clients

    Hi, I'm trying to redirect packets from some IP sources (kind of transparent proxy). I tried with HTTP traffic using this IP rule: (both are wireless clients) iptables -t nat -I PREROUTING -s 192.168.1.207 -p tcp --dport 80 -j DNAT --to 192.168.1.70. When I set this rule the client can't...
  15. stevec

    Forwarding all UDP Traffic to specific WAN in Dual-WAN Setup

    Hi there, I have already been reading up on different topics in this forum for around a year and now have finally hit a problem I just can't manage to find a solution to. So I decided to join and hopefully one of you can give me some tip on how to get this to work. Here is the situation: My...
  16. P

    firewall rule - question

    hello :) since update to Merlin FW 380.59 my ASUS RT-AC68U vpn connection is blocking connection to SSH/TELNET and HTTP/HTTPS my ASUS RT-AC68U is running as VPN Client to another AC68U (FW 380.58) running as VPN Server in Administration - System there is - Enable SSH - LAN Only how to allow...
  17. R

    Scripting/Automating Port Forwarding?

    I'd like to programmatically enable and disable port forwarding on my router (use case below). It should be straightforward enough to write the IPTables rules, but I'm not sure what event (if any) I can use as a trigger. Is updating the nat-start script and rebooting the router the best option...
  18. G

    OpenVPN client Site to Site

    Hello, I have recently installed an RT-AC68U router with original firmware and configured it so it establishes a VPN with OpenVPN to another site. On the other site the server is PfSense. Everything works just fine, I have added routing directives in both routers OpenVPN configuration so I can...
  19. Adamm

    Skynet Skynet - Router Firewall & Security Enhancements

    For support requests and questions please use the Github Issue Tracker where this script is actively maintained Skynet - Router Firewall & Security Enhancements Elevate your home network security with Skynet, a robust firewall and security tool meticulously crafted for ASUS routers running...