Question on Firewall Network Services Filter

bunty

Hello All:

I have an RT-N66U and I am trying to create network services filters, both blacklist and whitelist. Is it possible to create both whitelist and blacklist filters at the same time? When I change the filter table type from blacklist to whitelist, I still see all my blacklist entries. Makes me think we can either do blacklist OR whitelist but not both at the same time.

What I want to do is to create a few blacklist filters for all users and then for some users have specific whitelist filters. In theory it should be possible and the documentation seems to imply that we can create such filters.

Am I doing something wrong?

Thanks for the help.

Bunty
 
Reply from ASUS tech support

Thank you for contacting ASUS Customer Service.
My name is xxx and it is my pleasure to help you with your problem.

Thank you for your feedback. But it cannot support the blacklist and whitelist at the same time. You can only set up one of them at a time.

And would you please send me a picture of this page? Then I can check whether you set it up correctly or not. Thank you.

You are welcome to refer to Troubleshooting & FAQ for ASUS products on the ASUS website:
http://support.asus.com/servicehome.aspx?SLanguage=en

If you continue to experience issues in the future, please do not hesitate to contact us.

An email survey will be sent to you within the next 5 days. Please be sure to rate the service I provided to you today.
 
That is correct. Technically, you cannot have both a blacklist AND a whitelist. These two work by having user-entered exception rules, and at the end they have a default rule that is used by anything not on that list. That default rule would be different based on whether you are white or blacklisting (whitelisting would have the default rule drop, and blacklisting would have the default rule accept). You can obviously not have two different default rules at once, hence the reason why it's only one of them at a time.
 
Question on iptables rule

Hello RMerlin:

Thanks for your clarification. I have one more follow-up question. I am using white-list filter to only open the following ports:

25(smtp), 53(DNS), 80(http), 110(pop3), 443(https)

Now, in addition to the above, if I want to block my LAN users from connecting to a specific IP address, can I use an iptables rule to do that? For example, will this rule work?

iptables -t nat -A PREROUTING -d xxx.xxx.x.x -j DROP

Also, do I add this rule to the nat-start script?

Thanks for your help.

Bunty
 
That might work, give it a try. Change -A for -I however, to ensure that your rule does not end up after any default rule that might have been added by the router.
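
Added example (not part of the original thread, and not ASUS or Asuswrt-Merlin code): a simplified single-chain Python model of the first-match evaluation described in the replies above, showing the default rule behind a whitelist and why appending versus inserting the extra DROP rule changes the result. The class, the helper names and the 203.0.113.7 address are constructed for illustration; real netfilter tables and the firmware's own chains are not modelled.

```python
# Simplified model of first-match packet filtering (illustrative, not iptables itself).
from ipaddress import ip_address, ip_network

class Chain:
    def __init__(self, policy):
        self.policy = policy          # default verdict when no rule matches
        self.rules = []               # ordered list of (dst_net, dport, verdict)

    def append(self, dst, dport, verdict):    # like iptables -A: add at the end
        self.rules.append((ip_network(dst), dport, verdict))

    def insert(self, dst, dport, verdict):    # like iptables -I: add at the top
        self.rules.insert(0, (ip_network(dst), dport, verdict))

    def verdict(self, dst, dport):
        for net, port, v in self.rules:
            # dport None in a rule means "any port"
            if ip_address(dst) in net and port in (None, dport):
                return v              # first matching rule wins
        return self.policy

ANY = "0.0.0.0/0"
BLOCKED = "203.0.113.7"               # constructed documentation address

def whitelist_chain():
    chain = Chain(policy="DROP")      # whitelist: the default rule drops
    for port in (25, 53, 80, 110, 443):   # ports listed in the thread
        chain.append(ANY, port, "ACCEPT")
    return chain

appended = whitelist_chain()
appended.append(BLOCKED, None, "DROP")    # lands after the port ACCEPT rules
inserted = whitelist_chain()
inserted.insert(BLOCKED, None, "DROP")    # evaluated before the port ACCEPT rules

if __name__ == "__main__":
    for name, chain in (("appended", appended), ("inserted", inserted)):
        print(name, chain.verdict(BLOCKED, 443), chain.verdict("198.51.100.9", 443))
```

In this model the appended DROP rule never sees traffic to the blocked address on a whitelisted port, because an earlier ACCEPT rule already matched; the inserted rule does.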
 
