[gaspatcho]

I am getting a lot of hacking attempts coming into my dd-wrt router. I have a list of IP addresses that I would like to allow to connect and would like to reject any incoming TCP connections or incoming UDP packets that have public IP addresses that are not in my list. I still need to be able to send UDP packets or do outbound TCP connections to any public address. The closest thing I have been able to find is the IPTABLE commands but cannot find any detailed explanation of how to use it (the IPTABLE scripts have too many buzzwords that I don't understand). Is there a way to do what I'm looking for? If so, how should I go about it.

Summarize: Reject any incoming TCP connection who's source address is not in my list. Discard any incoming UDP packet that is not in my list. Allow any outbound TCP connection to any address. Allow any outbound UDP packet to any address. It would also help to optionally log any rejections but it's not a requirement.

I am willing to help a dd-wrt expert with documetation to explain some of the terminology being used so others can use it more easily.

[egc]

Unless you deviated from defaults everything trying to connect to your router is not allowed, that is what the default firewall is for.

Provided you are running a current build e.g. 52569 and do not have remote administration enabled.

[dale_gribble39]

Anything targeting your WAN would be a result of one of your LAN clients navigating where it probably shouldn't. By default, outside of enabling the limit telnet, ssh, etc. in the firewall settings, there is little to no attack surface as sir @egc has already stated.