by
Hi,

On my RUT240 FW ver.: RUT2XX_R_00.01.13.1 I want to block all packets from IP 192.168.43.4 in the LAN. I used the firewall custom rules to add:

iptables -I INPUT -s 192.168.43.4 -j DROP

but all packets are still going through, since I can get them with Wireshark on IP 192.168.43.8. I checked iptables and it starts with:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   26   884 DROP       all  --  *      *       192.168.43.4         0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
  345 27227 input_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* !fw3: user chain for input */
  242 16733 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED /* !fw3 */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID /* !fw3 */
    1    64 syn_flood  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 /* !fw3 */
  103 10494 zone_lan_input  all  --  br-lan *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_wan_input  all  --  wwan0  *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_vpn_input  all  --  tun_+  *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_l2tp_input  all  --  l2tp+  *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_l2tp_input  all  --  xl2tp+ *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_pptp_input  all  --  pptp+  *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_gre_input  all  --  gre+   *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_hotspot_input  all  --  tun0   *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_hotspot_input  all  --  tun1   *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_hotspot_input  all  --  tun2   *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_hotspot_input  all  --  tun3   *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
    0     0 zone_sstp_input  all  --  sstp-+ *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */

So 26 packets seem to be DROPped, but I can still see them with Wireshark.

Where am I wrong?

Please help!

Best,
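The 26 dropped packets in the listing above are only the ones addressed to the router itself, which is all the INPUT chain ever sees; traffic switched between LAN hosts on br-lan (including broadcasts) never passes through it. The following added example (not from the thread or from Teltonika) parses the `iptables -L -v -n` layout shown in the question and reports which chains drop a given host and what each chain actually covers; the FORWARD chain in the constructed sample is invented for contrast.

```python
import ipaddress
from collections import namedtuple
# Constructed sample in the question's layout; the FORWARD chain is invented
# here to contrast routed traffic with traffic addressed to the router itself.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   26   884 DROP       all  --  *      *       192.168.43.4         0.0.0.0/0
  345 27227 input_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* !fw3: user chain for input */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  br-lan *       192.168.43.0/24      0.0.0.0/0            /* constructed */
"""

# What a DROP in each built-in filter chain can catch on a Linux router.
SCOPE = {
    "INPUT": "packets addressed to the router itself",
    "FORWARD": "packets routed between interfaces; same-LAN unicast and "
               "broadcasts switched by br-lan at layer 2 bypass it unless br_netfilter is on",
}

Rule = namedtuple("Rule", "chain pkts target src extra")

def parse_listing(text):
    """Parse `iptables -L -v -n` text into Rule records; header lines skipped."""
    rules, chain = [], None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        parts = line.split(None, 9)  # 9 fixed columns, then optional match text
        if len(parts) < 9 or not parts[0].isdigit():
            continue                 # blank line or column header
        rules.append(Rule(chain, int(parts[0]), parts[2], parts[7],
                          parts[9] if len(parts) > 9 else ""))
    return rules

def drops_for_source(text, host):
    """Map chain -> packets matched by DROP rules whose source covers `host`."""
    addr, hits = ipaddress.ip_address(host), {}
    for r in parse_listing(text):
        if r.target == "DROP" and addr in ipaddress.ip_network(r.src, strict=False):
            hits[r.chain] = hits.get(r.chain, 0) + r.pkts
    return hits

def explain(text, host):
    """One line per chain dropping `host`, with what that chain can see."""
    return [f"{c}: {n} pkts dropped; chain sees {SCOPE.get(c, 'custom-chain traffic')}"
            for c, n in drops_for_source(text, host).items()]
```

Run `explain(SAMPLE, "192.168.43.4")` to get one line per chain; on a live router, feed it the output of `iptables -L -v -n` instead of the constructed sample.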

1 Answer

0 votes
by anonymous

Hello, 

For your additional information, I would prefer that you create that rule using the Web UI itself. 

You can do it by navigating to Network > Firewall > Traffic Rules 

Kindly check this link for more information: RUT240 Firewall - Teltonika Networks Wiki (teltonika-networks.com) 

Regards,
Jerome

 

by anonymous

Hello, 

I recommend re-flashing the firmware without keeping the settings. Then, after reflashing is done, configure the traffic rule via the Web UI. You can do it under Network > Firewall > Traffic Rule 

Outgoing Rule: 
Source Zone: LAN
Source IP: 192.168.43.4
Destination Zone: Any
Action: Drop

Incoming Rule: 
Source zone: Any
Destination IP: 192.168.43.4
Destination Zone: LAN
Action: Drop

If the issue still persists let me know. 

Regards,
Jerome 

by
Hi Jerome,

I tried flashing the firmware again and adding the 2 rules, but it is still not working. I can give you RMS access if it can help. I'm a bit lost.

Best,
by anonymous
Hello,

Okay, kindly pm me the credential and the RMS link.

Regards,

Jerome
by
Yes, I'll do it tonight.

Thanks
by
Hi Jerome,

I spent some time on this and realized my issue was that I tried blocking broadcast packets, which apparently is not feasible like this.

I opened a new discussion in the forum to find the best solution for my network.

Thanks for your help!