
Can only save one IPTABLE Entry???

Discussion in 'Sveasoft Firmware' started by spacejunk, Oct 23, 2004.

  1. spacejunk

    spacejunk Network Guru Member

    I am using this method

    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'
    nvram commit

    reboot. However, only the last entry ever shows up when I do a

    iptables -L -n

    I even tried entering several this way:
    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'
    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'
    nvram set rc_firewall='/usr/sbin/iptables -I FORWARD -s xxx.xxx.xxx.0/24 -d xx.xx.xx.0/24 -j DROP'
    nvram commit

    Still only the last one shows up. I even tried putting the commit command after each line, but every time after a reboot, I only have one entry.

    What am I doing wrong???
     
  2. u3gyxap

    u3gyxap Network Guru Member

    How many entries do you have before rebooting?
     
  3. spacejunk

    spacejunk Network Guru Member

    None show up until I reboot. Then the last entry will be there. If you mean how many am I trying to enter, about 40 or so.

    I was able to get the entries to stay by opening the diagnostic window from the web GUI and entering:

    /usr/sbin/iptables -I FORWARD -s xx.xx.xx.0/24 -d xx.xx.xx.0/24 -j DROP
    /usr/sbin/iptables -I FORWARD -s yy.yy.yy.0/24 -d xx.xx.xx.0/24 -j DROP
    /usr/sbin/iptables -I FORWARD -s zz.zz.zz.0/24 -d xx.xx.xx.0/24 -j DROP

    And then clicking on "Save Firewall" and then rebooting the router. When you enter them this way, whatever you enter into the command window will replace any other manual entries that were there before. So if I want to add a new entry, say nn.nn.nn.nn, then I have to redo it like this:

    /usr/sbin/iptables -I FORWARD -s xx.xx.xx.0/24 -d xx.xx.xx.0/24 -j DROP
    /usr/sbin/iptables -I FORWARD -s yy.yy.yy.0/24 -d xx.xx.xx.0/24 -j DROP
    /usr/sbin/iptables -I FORWARD -s zz.zz.zz.0/24 -d xx.xx.xx.0/24 -j DROP
    /usr/sbin/iptables -I FORWARD -s nn.nn.nn.0/24 -d xx.xx.xx.0/24 -j DROP

    If you want to understand what I am doing, I am blocking networks that spammers are using to send spam. I have software that monitors and reports on what IP addresses are sending spam, so not only do I block them at the Spam Software level but I stop them at the firewall as well, preventing them from using CPU cycles on my Spam Blocking application.
     
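The behaviour in the thread follows from rc_firewall being a single nvram variable: every `nvram set rc_firewall=...` replaces the previous value, so only the last rule survives a reboot. The script below is an added example, not code from any post; it assumes the rc_firewall value is executed as a shell script at boot (as on Sveasoft/DD-WRT firmware), builds all rules into one newline-separated value, and uses constructed RFC 5737 documentation addresses in place of real ranges.

```shell
#!/bin/sh
# Added example (not from the thread): build ONE rc_firewall value that
# carries every DROP rule. Each `nvram set rc_firewall=...` replaces the
# whole variable, which is why only the last rule survived a reboot; the
# fix is to join all rules into a single script and set it once.

# Destination network to protect and source networks to block.
# Constructed RFC 5737 documentation addresses, not real spammer ranges.
DEST_NET="192.0.2.0/24"
BLOCKED_NETS="198.51.100.0/24 203.0.113.0/24 203.0.113.128/25"

# Accept only a.b.c.d/n with in-range octets and prefix; anything else is
# rejected so a typo cannot produce a malformed (or overly broad) rule.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|''|*/*/*) return 1 ;;
    esac
    ip=${1%/*}; prefix=${1#*/}
    [ "$ip" != "$1" ] || return 1          # prefix length is mandatory
    case "$ip" in .*|*.|*..*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    n=0
    for octet in $(printf '%s' "$ip" | tr . ' '); do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Emit one iptables line per blocked network, in the form the posts use.
# Validates every argument first and emits nothing if any one is bad, so
# a partial rule set is never written to nvram.
build_rc_firewall() {
    dest=$1; shift
    valid_cidr "$dest" || return 1
    for net in "$@"; do
        valid_cidr "$net" || return 1
    done
    for net in "$@"; do
        printf '/usr/sbin/iptables -I FORWARD -s %s -d %s -j DROP\n' "$net" "$dest"
    done
}

# On the router the generated script is stored with a single set + commit:
#   nvram set rc_firewall="$(build_rc_firewall "$DEST_NET" $BLOCKED_NETS)"
#   nvram commit
# Here it is only printed so the example runs on any host.
build_rc_firewall "$DEST_NET" $BLOCKED_NETS
```

After a reboot, `iptables -L -n` should then list one FORWARD entry per network rather than only the last one set.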
