Alozaros DD-WRT Guru
Joined: 16 Nov 2015 Posts: 6435 Location: UK, London, just across the river..
Posted: Mon Jan 30, 2023 22:16 Post subject:
1. Detect/block port scanning, permanently block offenders - in the standard DD-WRT environment that is provided out of the box...you have to do that manually...otherwise, you'd need an extra package..like snort, suricata, fail2ban, etc.
I'm not sure if this rule will work, as some of the iptables modules are not present on every router, or even at all..
iptables -I FORWARD -m recent --name portscan --rcheck --seconds 8640 -j DROP
2. Bolster iptables rules to block known attacks. - many firewall rule sets are available online; google "iptables firewall linux", etc..
3. Other use cases? - what other cases???
In general, the SPI firewall that comes with DD-WRT works well; as a standard SPI it will allow any established and related connections that are already coming from inside, and will block anything else that is not related or tries to make a new connection... google SPI firewall
I guess on your router there will be IPset support; those are more robust, fast and less resource-taking than iptables, and with both you have some powerful stuff to do more... for more on IPset read egc's excellent guide from the stickies https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Also the practice I have is to disable telnet (which is enabled by default), lock the router GUI web interface, and only allow the GUI when I need it...to do that I log in via SSH with a secure key file only (disable password SSH login), and manually add iptables permit rules...usually MAC- or IP-based.
And from the Security page limit SSH and other access; this will impose rules that permit only a few attempts, time-based...
Also do not use remote administration over the WAN, unless you know what you are doing...best practice for that is to use WireGuard or VPN or SSH only...
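The single --rcheck rule quoted in the post only drops addresses that are already on the recent list; nothing in it ever puts an address there. The script below is an added example (not from the post, not DD-WRT's own code) of the complete xt_recent "portscan trap" pattern for a DD-WRT firewall script: a SYN to a closed trap port adds the source to the list, and all of its traffic is then dropped for the ban period, with a check for the module the post worries about. It assumes the WAN interface name comes from `nvram get wan_iface` (override by setting WAN_IF), that the trap port 139 and ban of 8640 seconds are placeholders, and that IPT=echo turns it into a dry run that prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from the original post: a complete xt_recent "portscan
# trap" for a DD-WRT firewall script (BusyBox ash, POSIX sh only).
# A SYN to a closed "trap" port puts the source on the list; every later
# packet from it is dropped for $ban seconds, then the entry is forgotten.
# Assumptions: WAN_IF from nvram (override by setting it); IPT=echo prints
# the rules instead of loading them (dry run, no root needed).
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-$(nvram get wan_iface 2>/dev/null)}"

# xt_recent creates /proc/net/xt_recent when it is loaded (ipt_recent on old
# kernels). If it is missing, try to load it; if that fails the match is not
# available on this build and the rules would be rejected.
have_recent_module() {
    [ -d /proc/net/xt_recent ] || [ -d /proc/net/ipt_recent ] && return 0
    modprobe xt_recent 2>/dev/null && [ -d /proc/net/xt_recent ]
}

# $1 = trap port (closed, no real service), $2 = ban seconds, $3 = list name
portscan_rules() {
    port="$1"; ban="$2"; name="${3:-portscan}"
    [ -n "$WAN_IF" ] || { echo "WAN_IF is not set" >&2; return 1; }
    for chain in INPUT FORWARD; do
        # listed within the last $ban seconds: drop, without refreshing the entry
        "$IPT" -I "$chain" 1 -i "$WAN_IF" -m recent --name "$name" \
            --rcheck --seconds "$ban" -j DROP
        # listed but older than $ban seconds: forget the address (ban expired)
        "$IPT" -I "$chain" 2 -i "$WAN_IF" -m recent --name "$name" --remove
    done
    # a new connection attempt to the trap port adds the source to the list,
    # logs it (visible in syslog / dmesg) and is dropped
    "$IPT" -I INPUT 3 -i "$WAN_IF" -p tcp --syn --dport "$port" \
        -m recent --name "$name" --set \
        -j LOG --log-prefix "portscan: " --log-level 4
    "$IPT" -I INPUT 4 -i "$WAN_IF" -p tcp --dport "$port" -j DROP
}

# Current bans can be inspected with: cat /proc/net/xt_recent/portscan
# Usage from the firewall script: sh portscan.sh apply 139 8640
if [ "${1:-}" = "apply" ]; then
    have_recent_module || { echo "recent match not available" >&2; exit 1; }
    portscan_rules "${2:-139}" "${3:-8640}"
fi
```

Run it once with IPT=echo to review the exact rules before pasting the apply call into the router's saved firewall script.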