In the end I would like to block specific ports only, but since I could not manage to do that, I am now trying to simply block all packets from this host, yes. And yes, this host is on the LAN network.
I added the second rule to block incoming and outgoing traffic, but it still does not work.
When I run: /etc/init.d/firewall restart
I get: (check the highlighted part!)
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) cannot resolve device of network 'ppp'
Warning: Section @zone[1] (wan) cannot resolve device of network 'tun'
Warning: Section @zone[1] (wan) cannot resolve device of network 'wwan0v6'
Warning: Section @zone[2] (vpn) cannot resolve device of network 'vpn'
Warning: Section 'l2tp_zone' cannot resolve device of network 'l2tp'
Warning: Section 'pptp_zone' cannot resolve device of network 'pptp'
Warning: Section 'gre_zone' cannot resolve device of network 'gre'
Warning: Section @zone[6] (hotspot) cannot resolve device of network 'hotspot'
Warning: Section 'sstp' cannot resolve device of network 'sstp'
Warning: Option @rule[16]._name is unknown
Warning: Option @rule[17]._name is unknown
Warning: Option @rule[18]._name is unknown
does not specify a protocol, assuming TCP+UDP
does not specify a protocol, assuming TCP+UDP
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv4 raw table
* Flushing IPv6 filter table
* Flushing IPv6 nat table
* Flushing IPv6 mangle table
* Flushing IPv6 raw table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Zone 'vpn'
* Zone 'l2tp'
* Zone 'pptp'
* Zone 'gre'
* Zone 'hotspot'
* Zone 'sstp'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-vpn-traffic'
* Rule 'Block All'
* Rule 'Block All'
* Forward 'vpn' -> 'lan'
* Forward 'l2tp' -> 'lan'
* Forward 'pptp' -> 'lan'
* Forward 'gre' -> 'lan'
* Forward 'hotspot' -> 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Zone 'vpn'
* Zone 'l2tp'
* Zone 'pptp'
* Zone 'gre'
* Zone 'hotspot'
* Zone 'sstp'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'vpn'
* Zone 'l2tp'
* Zone 'pptp'
* Zone 'gre'
* Zone 'hotspot'
* Zone 'sstp'
* Populating IPv4 raw table
* Zone 'lan'
* Zone 'wan'
* Zone 'vpn'
* Zone 'l2tp'
* Zone 'pptp'
* Zone 'gre'
* Zone 'hotspot'
* Zone 'sstp'
* Populating IPv6 filter table
* Zone 'lan'
* Zone 'wan'
* Zone 'vpn'
* Zone 'l2tp'
* Zone 'pptp'
* Zone 'gre'
* Zone 'hotspot'
* Zone 'sstp'
* Rule 'Allow-vpn-traffic'
* Rule 'Allow-DHCPv6'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Block All'
! Skipping due to different family of ip address
! Skipping due to different family of ip address
* Rule 'Block All'
! Skipping due to different family of ip address
! Skipping due to different family of ip address
* Forward 'vpn' -> 'lan'
* Forward 'l2tp' -> 'lan'
* Forward 'pptp' -> 'lan'
* Forward 'gre' -> 'lan'
* Forward 'hotspot' -> 'wan'
* Populating IPv6 nat table
* Zone 'lan'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
* Zone 'wan'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
* Zone 'vpn'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_vpn_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_vpn_rule'
* Zone 'l2tp'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_l2tp_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_l2tp_rule'
* Zone 'pptp'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_pptp_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_pptp_rule'
* Zone 'gre'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_gre_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_gre_rule'
* Zone 'hotspot'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_hotspot_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_hotspot_rule'
* Zone 'sstp'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_sstp_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_sstp_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'vpn'
* Zone 'l2tp'
* Zone 'pptp'
* Zone 'gre'
* Zone 'hotspot'
* Zone 'sstp'
* Populating IPv6 raw table
* Zone 'lan'
* Zone 'wan'
* Zone 'vpn'
* Zone 'l2tp'
* Zone 'pptp'
* Zone 'gre'
* Zone 'hotspot'
* Zone 'sstp'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
* Running script '/tmp/privoxy/firewall'
* Running script '/etc/logtrigger/fwblock_wrapper.sh'
* Running script '/etc/add-firewall-rule.sh'
* Running script '/etc/add-rs-rule.sh'
* Running script '/etc/add-port-rule.sh'
iptables: No chain/target/match by that name.
iptables v1.4.21: Couldn't load target `zone_port_scan':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: Couldn't load target `zone_port_scan':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
! Failed with exit code 1
* Running script '/tmp/ipsec/firewall.sh'
! Skipping due to path error: No such file or directory