firewall script port blocking

Discussion in 'Tomato Firmware' started by RocketRay, Oct 28, 2011.

  1. RocketRay

    RocketRay Networkin' Nut Member

    I'm trying to use iptables in Administration->Scripts->Firewall to port block IRC but it's not working. I can do this:

    iptables -A OUTPUT -d 192.168.1.187 -j DROP

    And that works just fine. But when I try to block just the IRC ports like this:

    sleep 5
    iptables -I OUTPUT -p tcp --source-port 6660:7001 -j DROP
    iptables -I OUTPUT -p udp --source-port 6660:7001 -j DROP
    iptables -I OUTPUT -p tcp --destination-port 6660:7001 -j DROP
    iptables -I OUTPUT -p udp --destination-port 6660:7001 -j DROP

    You can still connect to IRC. It even says it's connecting via port 6667.
    I'm running 1.28 on a WRT54G. Please help!
     
  2. mstombs

    mstombs Network Guru Member

    "OUTPUT" is for connections that originate in the router; use "FORWARD" to stop the router just passing them on. Port forwards need entries in "nat PREROUTING" as well as "FORWARD"; blocks can also be put in there. There may already be Tomato-specific chains you can add to, such as "wanout" - study the output of "iptables -nvL" and "iptables -t nat -nvL" for your specific firmware version.
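    A worked version of the advice above, added here as an example rather than code from the thread: it puts the port-range block in FORWARD (the chain forwarded LAN-to-WAN traffic actually traverses), sends matches through a small logging chain so blocked attempts show up in the router log, and lets the rules be previewed with IPTABLES=echo before they are pasted into the Tomato Firewall script box. The chain name irc_block, the LAN bridge br0 and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Blocks the IRC port range for LAN
# clients in the FORWARD chain (OUTPUT only sees packets the router itself
# originates) and logs what was dropped. Assumed names: the custom chain
# "irc_block", the LAN bridge "br0", and the log prefix.
IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo to preview the rules without root
LAN_IF="${LAN_IF:-br0}"            # assumed Tomato LAN bridge interface
CHAIN="irc_block"

# Build a small chain that logs (rate-limited) and then drops. A dedicated
# chain keeps the FORWARD rules readable in "iptables -nvL".
setup_chain() {
    $IPTABLES -N "$CHAIN" 2>/dev/null || $IPTABLES -F "$CHAIN"
    $IPTABLES -A "$CHAIN" -m limit --limit 6/min -j LOG --log-prefix "IRC-BLOCK: "
    $IPTABLES -A "$CHAIN" -j DROP
}

# block_range LOW HIGH: send LAN->WAN traffic to the port range through the
# chain. Forwarded traffic never traverses OUTPUT, which is why rules placed
# there had no effect on LAN clients.
block_range() {
    low="$1"; high="$2"
    for proto in tcp udp; do
        $IPTABLES -I FORWARD -i "$LAN_IF" -p "$proto" --dport "$low:$high" -j "$CHAIN"
    done
}

# count_forward_rules LOW HIGH: number of FORWARD rules that block_range
# would emit, taken from a preview run. Used to sanity-check the script
# before it goes onto the router.
count_forward_rules() {
    ( IPTABLES=echo; block_range "$1" "$2" ) | grep -c '^-I FORWARD '
}

# Only apply when explicitly asked, so sourcing the file is side-effect free.
if [ "${APPLY:-0}" = "1" ]; then
    sleep 5          # as in the original post: let the firewall settle first
    setup_chain
    block_range 6660 7001
fi
```

On the router, run it with APPLY=1 (or paste the body of the if-branch into the Firewall script box); `iptables -nvL FORWARD` should then show the two irc_block entries at the top, and their packet counters tell you whether anything is actually being caught.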
     
  3. RocketRay

    RocketRay Networkin' Nut Member

    That did it! Just needed FORWARD. Thought I tried that before, but it works now!

    Thanks.
     