And when I save that in firewall, I lose my wifi network 5 and 2.4, but only my guest network is still working, do you have an idea?
Thanks, I run last build, March 13th on R7800
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Mar 15, 2024 8:31 Post subject:
hmm... it seems I don't have any trouble with the current config on my R7800...so...we need way more details about your current config...on this particular device...
in general once you save those rules the firewall will restart and rebuild with the new changes and it will restart/re-execute some services too...what does a reboot do in this case...
there must be something that interferes...
did you replace 2c:xx:xx:xx:bc:xx with your mac address as was advised or did you paste the rule like that, even though it shouldn't behave like that...
just to question your rules again...what is the overall goal of those...?
first rule will block ssh port 22 (if it's not changed)...bear in mind this rule will block it only locally as INPUT is used..and it will block in general for every interface...
iptables -I INPUT -p tcp --dport 22 -j DROP
second rule will accept traffic on port tcp 443 on bridge br0, destination again locally
iptables -I INPUT -i br0 -p tcp --dport 443 -m mac --mac-source 2c:xx:xx:xx:bc:xx -j ACCEPT
There must be something wrong in your config that will cause such ridiculous behaviour...
just for the record...
i do have those 2 in the same order..
iptables -I INPUT -i br0 -p tcp --dport 443 -j REJECT
iptables -I INPUT -i br0 -p tcp --dport 443 -m mac --mac-source AC:4C:21:3E:62:A2 -j ACCEPT
(i do also have those for ssh, but i selected a different port for it 44550, also i do have a few bridges so, it's all set accordingly)
if you want to stop SSH in general disable it generally from the services page...instead of a drop rule...but anyway...we don't know details that may be vital, if you decide, post a pic of your firewall config...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
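Added example, not part of the posts above and not DD-WRT code: a small Python model of why the two port 443 rules work when entered in that order. `iptables -I` with no rule number inserts at the top of the chain, so the rule typed last is checked first. The model looks only at these rules, the default policy of ACCEPT and the second MAC address are assumptions, and `build`, `packet` and `verdict` are hypothetical helper names.

```python
import shlex

# The two rules exactly as posted above, in the order they were entered.
RULES = [
    "iptables -I INPUT -i br0 -p tcp --dport 443 -j REJECT",
    "iptables -I INPUT -i br0 -p tcp --dport 443 -m mac --mac-source AC:4C:21:3E:62:A2 -j ACCEPT",
]

def build(commands):
    """Model the INPUT chain as a list; index 0 is the rule checked first."""
    chain = []
    for command in commands:
        args = shlex.split(command)[1:]      # drop the leading "iptables"
        rule, i = {}, 0
        while i < len(args):
            flag, value = args[i], args[i + 1]
            if flag in ("-i", "-p", "--dport", "--mac-source", "-j"):
                rule[flag] = value.lower()
            elif flag not in ("-I", "-m"):   # -I INPUT and -m mac carry no match data
                raise ValueError(f"option not covered by this model: {flag}")
            i += 2
        chain.insert(0, rule)                # -I without a number: insert at the top
    return chain

def packet(iface, dport, mac):
    """A constructed TCP packet arriving for the router itself."""
    return {"-i": iface, "-p": "tcp", "--dport": str(dport), "--mac-source": mac.lower()}

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule decides; an option a rule does not set matches anything."""
    for rule in chain:
        if all(pkt.get(k) == v for k, v in rule.items() if k != "-j"):
            return rule["-j"].upper()
    return policy                            # assumed policy when nothing matches

if __name__ == "__main__":
    chain = build(RULES)
    allowed = packet("br0", 443, "AC:4C:21:3E:62:A2")
    other = packet("br0", 443, "02:00:00:00:00:01")   # constructed MAC
    print("allowed MAC:", verdict(chain, allowed))
    print("other MAC:  ", verdict(chain, other))
    # Entering the same rules in the opposite order puts REJECT on top.
    print("reversed:   ", verdict(build(RULES[::-1]), allowed))
```

On the router itself, `iptables -L INPUT -n --line-numbers` lists the chain in the order it is actually evaluated.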
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Mar 15, 2024 12:47 Post subject:
jauch888888 wrote:
Hi,
yes I added my own mac address, also, in my firewall config, I have a firewall for my guest network.
What I try to do is to secure my ssh session, like in open wrt, I choose "only from lan"
In general DDWRT is not like OpenWRT...both very different...
By default DDWRT SSH is not turned on...and when you turn it on from the Services tab ..it operates only on the LAN side...it does not propagate on WAN at all..if you need it on the WAN side then you go to the Administration tab, remote administration section, and enable it there for WAN access...
as ho1Aetoo noted those should be ok...
iptables -I INPUT -p tcp --dport 22 -j DROP
iptables -I INPUT -p tcp --dport 22 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT