snork.ca: Welcome to the brown age of computing!

dd-wrt Firewall Script 2011-06-03



Okay, that was more complicated than it had to be. I checked my logs again today and of course there were more entries from 61.237.145.81 trying to register on my Asterisk box. I checked the iptables entries on my dd-wrt router and the commands I had shoved in were gone. Did it restart? Did I fuck something up? I don't know, but it seemed like a startup script was going to be necessary.

The Script Execution page of the dd-wrt wiki says that if you just give your script the correct name and put it in the correct place then you are good to go. There's a bit more to it, though; here's the deal:

  1. Have your script pre-written
  2. Log in to your router's web interface
  3. Enable jffs on the Administration page and set it to clean
  4. Save, Apply settings, and reboot the router
  5. Telnet or ssh in to your router (can also be enabled on Admin page if required)
  6. Create a /jffs/etc/config directory
  7. Create your script and name it something.startup
  8. Give it a chmod of 755

I read somewhere that someone suggested putting a "sleep xx" command at the beginning of the script so I set mine to 90 seconds. This way if I lock myself out of my router I can reboot it and have 90 seconds to telnet in, rename the script, and reboot. My example:

#!/bin/sh
# Give the router time to finish booting, and leave a window to telnet in and
# rename the script if one of the rules below locks you out.
sleep 90
# Drop forwarded traffic from the ranges that were hammering the Asterisk box.
# "-I FORWARD 1" inserts each rule at the top of the FORWARD chain, ahead of
# anything dd-wrt already put there.
iptables -I FORWARD 1 -s 61.232.0.0/14 -j DROP
iptables -I FORWARD 1 -s 61.236.0.0/15 -j DROP
iptables -I FORWARD 1 -s 195.190.164.0/22 -j DROP
iptables -I FORWARD 1 -s 195.190.168.0/24 -j DROP
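Before rebooting with a new block list it is worth confirming that the offending address from the log actually falls inside one of the CIDR ranges you are dropping. The check below is an added example, not part of the original post; it is plain POSIX sh arithmetic so it runs on the router's busybox shell as well as a desktop, and the function names are my own.

```shell
#!/bin/sh
# Added example: verify that an address seen in the Asterisk log is covered by
# one of the CIDR ranges in the dd-wrt startup script. Functions are hypothetical.

# Convert a dotted quad (e.g. 61.237.145.81) to a 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 if address $1 lies inside CIDR block $2 (a bare address is treated as /32).
ip_in_cidr() {
    ip=$(ip2int "$1")
    case $2 in
        */*) net=$(ip2int "${2%/*}"); bits=${2#*/} ;;
        *)   net=$(ip2int "$2");      bits=32 ;;
    esac
    # Build the network mask; /0 is handled separately to avoid a 32-bit shift.
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    fi
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Print the first CIDR in the argument list that covers address $1, or "none".
covering_rule() {
    addr=$1
    shift
    for cidr in "$@"; do
        if ip_in_cidr "$addr" "$cidr"; then
            echo "$cidr"
            return 0
        fi
    done
    echo none
    return 1
}

# The ranges from the startup script above.
BLOCKED="61.232.0.0/14 61.236.0.0/15 195.190.164.0/22 195.190.168.0/24"

# The address from the log in the post: should be caught by 61.236.0.0/15.
covering_rule 61.237.145.81 $BLOCKED
```

Run it with any address pulled from the Asterisk log to see which rule, if any, will drop it; "none" means the list needs another range.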