Search found 33 matches

Goto page 1, 2, 3  Next
Author Message
  Topic: How to best lockdown router with iptables
inetquestion

Replies: 1
Views: 39

PostForum: Advanced Networking   Posted: Mon Jan 30, 2023 20:49   Subject: How to best lockdown router with iptables
Is there a list of FW rules which can be added to iptables to bolster security? Would like to lock it down much more than the check boxes provided within the gui.

Running version r51506 on linksys ...
  Topic: [SOLVED]Firewall script present, but doesn't do anything
inetquestion

Replies: 9
Views: 198

PostForum: Advanced Networking   Posted: Mon Jan 30, 2023 1:42   Subject: [SOLVED]Firewall script present, but doesn't do anything
Out of curiosity, why is using ipset so much faster than adding rules through iptables? It's orders of magnitude faster. For ~10,000 addresses it took around 200-300 seconds to add them. Now it can ...
  Topic: [SOLVED]Firewall script present, but doesn't do anything
inetquestion

Replies: 9
Views: 198

PostForum: Advanced Networking   Posted: Sun Jan 29, 2023 3:30   Subject: [SOLVED]Firewall script present, but doesn't do anything
Adding ipset command in the firewall script first fixed it. Didn't realize iptables did a verification to ensure that existed, but it makes sense now. :)

Thanks for the assistance!
  Topic: [SOLVED]Firewall script present, but doesn't do anything
inetquestion

Replies: 9
Views: 198

PostForum: Advanced Networking   Posted: Sun Jan 29, 2023 3:24   Subject: [SOLVED]Firewall script present, but doesn't do anything
The ipset list is created by an external process which updates every minute with new entries. Think I see what you mean...

A test showed I'm unable to issue the iptables command if the ipset part ...
  Topic: [SOLVED]Firewall script present, but doesn't do anything
inetquestion

Replies: 9
Views: 198

PostForum: Advanced Networking   Posted: Sat Jan 28, 2023 19:51   Subject: firewall script not applied after reboot.
Currently running version: v3.0-r51306
Linksys WRT3200ACM

Many IPs were added to an ipset list named BLOCKED. This part is working. The part I'm confused about is why doesn't the rule below wh ...
  Topic: [SOLVED]Firewall script present, but doesn't do anything
inetquestion

Replies: 9
Views: 198

PostForum: Advanced Networking   Posted: Sat Jan 28, 2023 15:40   Subject: [SOLVED]Firewall script present, but doesn't do anything
Saved an entry in Administration>Commands>Firewall

[code]
iptables -I FORWARD -m set --match-set BLOCKED src -j logdrop
[/code]


Verified the entry above was saved to /tmp/.rc_firewal ...
  Topic: iptables - programmatically examine dropped IPs?
inetquestion

Replies: 1
Views: 197

PostForum: Advanced Networking   Posted: Fri Oct 21, 2022 21:26   Subject: iptables - programmatically examine dropped IPs?
Existing process creates a logdrop entry for offending IPs in iptables. Would like to see how often blocked IPs get dropped afterward.

Looked in /var/log/messages and see nothing related to dr ...
  Topic: Enable/Disable Iptables rule via cron...
inetquestion

Replies: 8
Views: 1137

PostForum: Advanced Networking   Posted: Fri Jan 28, 2022 18:41   Subject: iptables additions not taking effect when updated via cron
Curious if you figured this out. Doing something similar...

If my script is run manually, it makes iptables additions as expected. The script when run via cron is running and is executing the com ...
  Topic: Host/network blocking based on IDS scan
inetquestion

Replies: 0
Views: 1477

PostForum: Advanced Networking   Posted: Wed Jan 12, 2022 13:07   Subject: Host/network blocking based on IDS scan
Came across an old program (scalp) which scans access logs looking for regex of known security exploits... Thought it would be interesting to integrate this with dd-wrt/iptables to block source of at ...
  Topic: need help Setting QoS via command line (telnet or ssh)
inetquestion

Replies: 12
Views: 8867

PostForum: Advanced Networking   Posted: Sat Oct 30, 2021 19:03   Subject: what was resolution?


Curious, did you resolve the issue/question with QOS? I'm getting something similar with SSH accepting authentication and then hanging. Many of the threads on that topic are pointing to QOS re ...
  Topic: TFTP upload script with menu - waits until host available
inetquestion

Replies: 3
Views: 13007

PostForum: Contributions Upload   Posted: Mon Oct 11, 2021 13:28   Subject: TFTP upload script with menu - waits until host available
Wondered why the HOST was in the *config* section... smh
  Topic: TX Power on status page for wlan2 reports 0 dBm.
inetquestion

Replies: 4
Views: 1460

PostForum: Marvell MVEBU based Hardware (WRT1900AC etc.)   Posted: Thu Jul 22, 2021 15:48   Subject: TX Power on status page for wlan2 reports 0 dBm.
Don't want to sound like a party pooper but it's been repeated 100's of times that WLAN2 is for Radar detection and should not be used as a regular AP. It does work but has no antennas and is very lim ...
  Topic: TX Power on status page for wlan2 reports 0 dBm.
inetquestion

Replies: 4
Views: 1460

PostForum: Marvell MVEBU based Hardware (WRT1900AC etc.)   Posted: Thu Jul 08, 2021 23:24   Subject: TX Power on status page for wlan2 reports 0 dBm.
Title says it all...
Status=>Wireless->wlan2

Also occurs on the info page.


Router: wrt3200acm
Firmware: r47033

Yes, wlan2 is active and has clients connected to it.
  Topic: Change DNSMasq options on the fly based on svr availability
inetquestion

Replies: 2
Views: 642

PostForum: Advanced Networking   Posted: Tue Jul 06, 2021 22:54   Subject: Change DNSMasq options on the fly based on svr availability
Running piHole on another machine and put the following setting in dnsmasq to issue this server as the DNS server:

6,192.168.0.2

Occasionally piHole goes down and everything on the network is ...
  Topic: TFTP upload script with menu - waits until host available
inetquestion

Replies: 3
Views: 13007

PostForum: Contributions Upload   Posted: Mon Jun 28, 2021 15:49   Subject: TFTP upload script with menu - waits until host available
Choose image file to upload, then go. Script waits for target host to be available on network before attempting to upload file.

Used this on a Mac, should be portable across multiple *nix flavors. ...
All times are GMT