How to block certain IP range from coming into tomato?

Discussion in 'Tomato Firmware' started by micko_escalade, Feb 22, 2010.

  1. micko_escalade

    micko_escalade Network Guru Member


    How do I block this ip range from coming into my tomato -
    and should I place it under Administration > Scripts > Firewall ?

    Any help is appreciated!
  2. micko_escalade

    micko_escalade Network Guru Member

  3. ntest7

    ntest7 Network Guru Member

    It's unclear what you mean by "coming into", please be more specific about what problem you're trying to solve.

    Do you want to prevent IPs from that range from accessing your remote admin page, or are you trying to prevent local users from browsing that range, or ...

    Whatever you want will likely be placed in the Admin->Scripts->Firewall page, and there are likely already plenty of examples posted here.
  4. micko_escalade

    micko_escalade Network Guru Member

    Thanks for the reply!

    The problem that I have is that the above IP range is randomly trying to log in/hack into my Asterisk box on my network.
    So I just want to block it on Tomato so it never enters my network.
    I tried to simulate and test with my friend's remote computer by blocking it, and every time I would place any iptables rule into the Admin->Scripts->Firewall page he was able to ping my router.

    I would really appreciate if you could give me some examples on how to block it.
  5. rhester72

    rhester72 Network Guru Member

    Can you give an example of what you've tried?

    If you are specifying a protocol (e.g. -p tcp), note that pings will still work because they use ICMP echo, not TCP.

  6. ntest7

    ntest7 Network Guru Member

    How about something simple like:
    iptables -I wanin -s -j DROP

    That will block Just add the above line to the admin->scripts->firewall page, save it, and reboot.
  7. micko_escalade

    micko_escalade Network Guru Member


    This did not work:
    iptables -A INPUT -s -j DROP
    iptables -I wanin -s -j DROP

    My friend's public IP:

    I tried rebooting every time I changed and still nothing.
  8. ntest7

    ntest7 Network Guru Member

    Just tested here with
    iptables -I INPUT -s -j DROP
    and the target ip can't ping or connect to any port.
    For testing you can telnet or ssh to your router and type in the iptables commands directly to make sure you have the syntax right, and you can use "iptables -nvL" to list current rules.
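
Added example, not part of the original thread: iptables walks a chain in order and stops at the first matching rule, and `-A` appends a rule to the end of the chain while `-I` inserts it at the top, so the position of the DROP rule matters. The function below reads `iptables -nvL` output for one chain and reports where the DROP rule for a source sits; the two rule listings and the range 203.0.113.0/24 are constructed placeholders, and `drop_rule_status` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread. 203.0.113.0/24 is a placeholder range.

# Reads `iptables -nvL <chain>` output on stdin and prints
# "<position of the DROP rule for $1> <ACCEPT rules ahead of it>",
# or "0 0" when the chain has no DROP rule for that source.
# Conservative: every earlier ACCEPT is counted, whatever it matches.
# Live use: iptables -nvL INPUT | drop_rule_status <range>
drop_rule_status() {
    awk -v src="$1" '
        $1 == "Chain" || $1 == "pkts" || NF < 9 { next }   # header / blank lines
        { n++ }
        !found && $3 == "ACCEPT"            { accepts++ }
        !found && $3 == "DROP" && $8 == src { found = n }
        END { if (found) print found, accepts + 0; else print "0 0" }
    '
}

# Constructed listing: DROP rule added with -A lands after the ACCEPT rules.
SAMPLE_APPENDED='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       203.0.113.0/24       0.0.0.0/0'

# Constructed listing: the same rule added with -I is evaluated first.
SAMPLE_INSERTED='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       203.0.113.0/24       0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0'

for sample in "$SAMPLE_APPENDED" "$SAMPLE_INSERTED"; do
    printf '%s\n' "$sample" | drop_rule_status 203.0.113.0/24
done
```

A second number above zero means ACCEPT rules are evaluated before the DROP, so traffic they match (ping, in the appended listing) is accepted before the DROP is reached.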