Hi,
On my RUT240 (FW ver.: RUT2XX_R_00.01.13.1) I want to block all packets from IP 192.168.43.4 in the LAN. I used the firewall custom rules to add:
iptables -I INPUT -s 192.168.43.4 -j DROP
but all packets are still going through, since I can get them with Wireshark on IP 192.168.43.8. I checked iptables and it starts with:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
26 884 DROP all -- * * 192.168.43.4 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
345 27227 input_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* !fw3: user chain for input */
242 16733 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID /* !fw3 */
1 64 syn_flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 /* !fw3 */
103 10494 zone_lan_input all -- br-lan * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_wan_input all -- wwan0 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_vpn_input all -- tun_+ * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_l2tp_input all -- l2tp+ * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_l2tp_input all -- xl2tp+ * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_pptp_input all -- pptp+ * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_gre_input all -- gre+ * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_hotspot_input all -- tun0 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_hotspot_input all -- tun1 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_hotspot_input all -- tun2 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_hotspot_input all -- tun3 * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
0 0 zone_sstp_input all -- sstp-+ * 0.0.0.0/0 0.0.0.0/0 /* !fw3 */
So 26 packets seem to be DROPped, but I can still see them with Wireshark.
Where am I wrong?
Please help!
Best,