Firewall - How do I block an IP?

Discussion in 'Tomato Firmware' started by kardzzz, Feb 10, 2010.

  1. kardzzz

    kardzzz Addicted to LI Member

    Hi Guys,
    My norton360 has been bugging me all day about a 'Attempted Intrusion' from a certain IP (\3xx\online.jpg). I've downloaded all the MS and norton updates and did a full scan norton/malwarebytes. Everything is clean. I've put the IP on firewall block in Nortons.

    How do I add that IP to the tomato firewall? I want to be secure in case my norton fails to load and starts introducing viruses.

  2. bswenso2

    bswenso2 Addicted to LI Member

    I believe this is what you would want to put in /etc/iptables. Should drop incoming traffic from that IP on all ports.

    iptables -A INPUT -s -j DROP
  3. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    All incoming requests are already blocked by default. However, despite being called an "intrusion", the fact that it contains a URL your computer is attempted to connect to this site - not the other way around.
    In Tomato, /etc/iptables is rebuilt whenever the firewall is restarted so you want to add any rules to the firewall script in the GUI, not editing the file directly. Also, the INPUT chain is only for traffic destined for the router itself, not for traffic being forwarded on to any other device.

    I think what he's looking for is:
    iptables -I FORWARD -d -j DROP
    iptables -I FORWARD -d -j DROP
    This goes ahead and blocks traffic in both directions, even though the first rule should be enough.
  4. kardzzz

    kardzzz Addicted to LI Member

    Thanks for your replies, I added the following to my script > firewall , then rebooted

    #Block IP address security issue
    iptables -I FORWARD -d -j DROP
    iptables -I FORWARD -d -j DROP

    I think i'll sleep a little better now. One friend of mine informs me he had a 'hijack attack' yesterday. I can't stop to think its related?
  5. Badders44

    Badders44 LI Guru Member

    Am I cracking up or are both commands supposed to be identical? :confused:
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice