dd-wrt Firewall Script 2011-06-03
Okay, that was more complicated than it had to be. I checked my logs again today and of course there were more entries from 61.237.145.81 trying to register on my Asterisk box. I checked the iptables entries on my dd-wrt router and the commands I had shoved in were gone. Did it restart? Did I fuck something up? I don't know, but it seemed like a startup script was going to be necessary.
The Script Execution Page of the dd-wrt wiki says that if you just give your script the correct name and put it in the correct place then you are good to go. There's a bit more to it, though; here's the deal:
- Have your script pre-written
- Log in to your router's web interface
- Enable jffs on the Administration page and set it to clean
- Save, Apply settings, and reboot the router
- Telnet or ssh in to your router (can also be enabled on Admin page if required)
- Create a /jffs/etc/config directory
- Create your script and name it something.startup
- Give it a chmod of 755
I read somewhere that someone suggested putting a "sleep xx" command at the beginning of the script, so I set mine to 90 seconds. This way if I lock myself out of my router I can reboot it and have 90 seconds to telnet in, rename the script, and reboot. My example:
#!/bin/sh
# Give myself 90 seconds after boot to telnet in and rename this script
# if one of the rules below locks me out of the router.
sleep 90
# Drop packets from the offending ranges in the FORWARD chain, i.e. before
# the router passes them on to the Asterisk box on the LAN. Inserting at
# position 1 puts each rule ahead of anything dd-wrt already has there.
iptables -I FORWARD 1 -s 61.232.0.0/14 -j DROP
iptables -I FORWARD 1 -s 61.236.0.0/15 -j DROP
iptables -I FORWARD 1 -s 195.190.164.0/22 -j DROP
iptables -I FORWARD 1 -s 195.190.168.0/24 -j DROP
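As an added check that is not part of the original post, this snippet confirms that an address pulled from the logs really falls inside one of the ranges the startup script drops; the four CIDRs are the ones from the script above, the address is the one quoted in the post, and the helper names and the assumption of a shell with 64-bit arithmetic (a workstation bash or dash, not necessarily the router's busybox) are mine.

```shell
#!/bin/sh
# Added example: verify that a logged source address is covered by the
# DROP ranges in the dd-wrt startup script. Pure POSIX sh arithmetic;
# assumes a shell with 64-bit integers (bash, dash).

# Dotted-quad IPv4 address -> 32-bit unsigned integer.
ip2int() {
    oldifs=$IFS
    IFS=.
    set -- $1            # split the four octets into $1..$4
    IFS=$oldifs
    echo $(( (($1 * 256 + $2) * 65536) + $3 * 256 + $4 ))
}

# cidr_contains CIDR IP -> exit 0 if IP is inside CIDR, 1 otherwise.
cidr_contains() {
    net=${1%/*}
    bits=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    n=$(ip2int "$net")
    i=$(ip2int "$2")
    [ $(( n & mask )) -eq $(( i & mask )) ]
}

# The ranges the startup script drops (taken from the script above).
BLOCKED="61.232.0.0/14 61.236.0.0/15 195.190.164.0/22 195.190.168.0/24"

# blocked_by_script IP -> prints the matching range and exits 0,
# prints a warning and exits 1 if no range covers the address.
blocked_by_script() {
    for c in $BLOCKED; do
        if cidr_contains "$c" "$1"; then
            echo "$1 is dropped by $c"
            return 0
        fi
    done
    echo "$1 is NOT covered by any DROP rule"
    return 1
}

# The address seen in the Asterisk logs; expected to land in 61.236.0.0/15.
blocked_by_script 61.237.145.81
```

Run it again with any new address from the logs before assuming the existing rules already cover it.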