WikiDevi.Wi-Cat.RU:DD-WRT/Port Blocking
This tutorial shows the basic iptables commands for blocking traffic that passes through the router, for example to stop LAN clients from reaching a given port.
Example:
- Web = Port 80
- FTP = Port 21
In order to set rules on specific ports, you need to use iptables. You have the most control when you run it over SSH or Telnet. If you are more comfortable with the router's web interface, log into the router's Administration/Diagnostics page and enter the commands in the Command Shell there. Commands entered this way take effect immediately but are lost on reboot unless you save them as a firewall script.
Commands
Port Blocking - Block all users from reaching port 80:
- iptables -I FORWARD -p tcp --dport 80 -j DROP
Port Blocking - Block a SINGLE user from reaching port 21:
- iptables -I FORWARD -s 192.168.1.101 -p tcp --dport 21 -j DROP
Port Blocking - Block a RANGE of users from reaching port 21 (this needs the iprange match module, which is not available in most embedded builds; a plain -s does not accept a dash-separated range):
- iptables -I FORWARD -m iprange --src-range 192.168.1.1-192.168.1.101 -p tcp --dport 21 -j DROP
Port Blocking - Block a RANGE of users from reaching port 21 based upon a SUBNET (works everywhere, so prefer it over the iprange form):
- iptables -I FORWARD 1 -s 192.168.1.0/24 -p tcp --dport 21 -j DROP
List iptables - List the rules in a chain, or in all chains if no chain is given (add --line-numbers to see the rule numbers that -D expects):
- iptables -L
Undo Rule - Delete rule number rulenum (1 = first) from a chain:
- iptables -D FORWARD 1
Flush Rules from iptables - Delete all rules in a chain, or in all chains if no chain is given (with no chain this also removes the router's own firewall rules until the firewall is restarted):
- iptables -F
Multiple Ports - Create multiple rules:
- iptables -I FORWARD -p tcp --dport 21 -j DROP
- iptables -I FORWARD -p tcp --dport 80 -j DROP
Or, just use one rule to accomplish the same thing:
- iptables -I FORWARD -p tcp -m multiport --dports 21,80 -j DROP
Port Range - Use a colon to select a port range (Port 21 through 80 will be closed):
- iptables -I FORWARD 1 -p tcp --dport 21:80 -j DROP
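The commands above are usually pasted into the web Command Shell one at a time, and every paste of an -I rule stacks another copy in FORWARD. The script below is an added example, not the wiki's own code, that applies the same blocks idempotently from one firewall script: it validates the port spec, refuses the dash-range source that most embedded builds cannot match, and checks with iptables -C before inserting. It assumes BusyBox sh and an iptables that supports -C (1.4.11 or newer); DRY_RUN, valid_port, block_rule and apply_block are names chosen here.

```shell
#!/bin/sh
# Added example (not the wiki's own code): an idempotent DD-WRT firewall script
# for the FORWARD-chain blocks above. Assumes BusyBox sh and iptables >= 1.4.11
# (for -C). Usage: sh block.sh dry-run | sh block.sh apply (root on the router).

# valid_port SPEC: SPEC is a port, a range lo:hi, or a comma list of those.
# Runs in a subshell so the IFS change used for splitting does not leak.
valid_port() (
  [ -n "$1" ] || return 1
  IFS=,
  for piece in $1; do
    case "$piece" in *:*) lo=${piece%%:*}; hi=${piece#*:} ;; *) lo=$piece; hi=$piece ;; esac
    case "$lo$hi" in ''|*[!0-9]*) return 1 ;; esac
    if [ -z "$lo" ] || [ -z "$hi" ] || [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
      return 1
    fi
  done
)

# block_rule SOURCE PORTS: print the match part of a DROP rule. SOURCE is "any",
# an address or a CIDR; a dash range like 192.168.1.1-192.168.1.101 is rejected
# because it needs `-m iprange --src-range`, which many embedded builds lack.
block_rule() {
  src=$1; ports=$2
  valid_port "$ports" || return 1
  set -- -p tcp
  case "$src" in any) ;; ''|*[!0-9./]*) return 1 ;; *) set -- "$@" -s "$src" ;; esac
  case "$ports" in
    *,*) set -- "$@" -m multiport --dports "$ports" ;;  # several ports, one rule
    *)   set -- "$@" --dport "$ports" ;;                # single port or lo:hi
  esac
  echo "$* -j DROP"
}

# apply_block SOURCE PORTS: insert at the top of FORWARD only if not already there,
# so re-running this from the web command shell never stacks duplicate rules.
apply_block() {
  rule=$(block_rule "$1" "$2") || { echo "rejected: $1 $2" >&2; return 1; }
  if [ -n "${DRY_RUN:-}" ]; then echo "iptables -I FORWARD 1 $rule"; return 0; fi
  iptables -C FORWARD $rule 2>/dev/null || iptables -I FORWARD 1 $rule  # $rule splits on purpose
}
run_page_rules() {
  apply_block any 80                # everyone: no web
  apply_block 192.168.1.101 21      # one host: no FTP
  apply_block 192.168.1.0/24 21,80  # whole subnet: no FTP or web
}
case "${1:-}" in
  dry-run) DRY_RUN=1 run_page_rules ;;
  apply)   run_page_rules ;;
esac
```

Run it with dry-run first to see the exact rules it would insert; with no argument it defines the functions and does nothing, so it can be sourced from another script.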
See Also
Iptables command - Lists all available commands for use in iptables
Telnet/SSH and the Command Line - How to on Telnet and SSH
External Resources
PortForward - List of the most commonly used ports