IP Tables and Blocking Inbound (public) WAN IP addresses

SkierInAvon

Occasional Visitor
Am running (August 2017) version of AsusWrt-Merlin. Love it.

Have Script wan-start running on permanent jffs partition.
Am successfully blocking inbound WAN traffic from 200.16.89.92 with this:

iptables -I FORWARD -s 200.16.89.92 -j DROP

My question: What is the syntax to block inbound WAN traffic from an entire subnet?

Here is what doesn't work...

iptables -I FORWARD -s 200.16.89.0/255.255.255.0 -j DROP

Thanks in advance.

SkierInAvon
 
After about (30) minutes of testing - Your updated IPTABLES Syntax WORKS!

THANKS!

Working: iptables -I FORWARD -s 200.16.89.0/24 -j DROP

Still kind of amazing to me the Router/NAT Gateway folks don't have a simple browser-based interface that lets users BLOCK TRAFFIC from a known Public IP address that keeps hammering away (inbound from the Internet) at the WAN Interface of their Routers... "Dropping" IP packets seems to be the best way to go - since the (would be hacker?) won't get any response (at all) from the WAN Interface of your Router/NAT Gateway. The Router's log file should expose the public IP Address of the (hacker?) that keeps hammering your WAN Interface...yet (to date) no simple (browser) interface to block any/all traffic from that IP that their log file has identified....
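An added example, not from either post: a POSIX sh helper that normalises block-list entries (single address, CIDR, or dotted netmask) to the address/prefix form reported working above and prints the matching `iptables -I ... -j DROP` rules. The function names are hypothetical and the sample entries are constructed from the addresses in the thread.

```shell
# Added example: prints DROP rules; nothing is applied unless piped to sh.
valid_ipv4() {  # four dot-separated decimal octets, each 0-255
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

mask_to_prefix() {  # 255.255.255.0 -> 24; rejects non-contiguous masks
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    bits=0; host_part=0
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        [ "$host_part" -eq 0 ] || [ "$n" -eq 0 ] || return 1
        [ "$n" -eq 8 ] || host_part=1
        bits=$((bits + n))
    done
    echo "$bits"
}

normalize_src() {  # accepts a.b.c.d, a.b.c.d/len or a.b.c.d/dotted-mask
    addr=${1%%/*}
    case $1 in */*) suffix=${1#*/} ;; *) suffix=32 ;; esac
    valid_ipv4 "$addr" || return 1
    case $suffix in
        *.*) suffix=$(mask_to_prefix "$suffix") || return 1 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$suffix" -le 32 ] && echo "$addr/$suffix"
}

# FORWARD (used in the thread) only sees traffic routed through to LAN hosts;
# packets addressed to the router itself traverse INPUT instead.
block_rules() {  # $1 = chain (default FORWARD); one entry per line on stdin
    while read -r entry; do
        case $entry in ''|'#'*) continue ;; esac
        src=$(normalize_src "$entry") || { echo "skipping invalid entry: $entry" >&2; continue; }
        echo "iptables -I ${1:-FORWARD} -s $src -j DROP"
    done
}

# Constructed sample list; the last entry is a deliberately invalid mask.
printf '%s\n' 200.16.89.92 200.16.89.0/255.255.255.0 200.16.89.0/255.0.255.0 | block_rules FORWARD
```

Review the printed rules before piping them to `sh` on the router.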
 
