TechInfoDepot:DD-WRT/Port Blocking

This tutorial will show you basic commands for blocking traffic from accessing your network.

Example:


 * Web = Port 80
 * FTP = Port 21

In order to set rules on specific ports, you need to access iptables. You will have greater control accessing iptables via SSH or Telnet. If you feel more comfortable running commands via the router's web interface, then you can do so by logging into your router's Administration/Diagnostics page. From there you can input your desired commands into the Command Shell.

Commands
Port Blocking - Block all users to port 80:


 * iptables -I FORWARD -p tcp --dport 80 -j DROP

Port Blocking - Block a SINGLE user to port 21:


 * iptables -I FORWARD -s 192.168.1.101 -p tcp --dport 21 -j DROP

Port Blocking - Block a RANGE of users to port 21 (requires the iprange match module, which is not available in most embedded builds):


 * iptables -I FORWARD -m iprange --src-range 192.168.1.1-192.168.1.101 -p tcp --dport 21 -j DROP

Port Blocking - Block a RANGE of users to port 21 based upon a SUBNET:


 * iptables -I FORWARD 1 -s 192.168.1.0/24 -p tcp --dport 21 -j DROP

List iptables - List the rules in a chain or all chains:


 * iptables -L

Undo Rule - Delete rule rulenum (1 = first) from chain:


 * iptables -D FORWARD 1

Flush Rules from iptables - Delete all rules in chain or all chains (with no chain named, this also removes the router's own firewall rules, so re-apply the firewall or reboot afterwards):


 * iptables -F

Multiple Ports - Create multiple rules:
 * iptables -I FORWARD -p tcp --dport 21 -j DROP
 * iptables -I FORWARD -p tcp --dport 80 -j DROP

Or, just use one rule to accomplish the same thing:
 * iptables -I FORWARD -p tcp -m multiport --dports 21,80 -j DROP

Port Range - Use a colon to select a port range (Port 21 through 80 will be closed):
 * iptables -I FORWARD 1 -p tcp --dport 21:80 -j DROP
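The rules above can be wrapped in a small script so they survive a reboot and can be re-run safely. The script below is an added example, not code from the TechInfoDepot page or from DD-WRT: it builds each FORWARD DROP rule from a port spec and optional source, validates the ports, and (with APPLY=1) inserts a rule only if an identical one is not already present, using iptables -C. The function names and the IPT/APPLY variables are assumptions.

```shell
#!/bin/sh
# Added example; not from the TechInfoDepot page or DD-WRT. Builds the page's
# FORWARD-chain DROP rules and, with APPLY=1, inserts each only if not already
# present (iptables -C). Function names and IPT/APPLY are assumptions.

IPT=${IPT:-iptables}   # iptables binary on the router
APPLY=${APPLY:-0}      # 0 = print the commands, 1 = execute them

# valid_port N : true if N is an integer in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# block_rule PORTS [SOURCE] : print the rule that drops forwarded TCP to PORTS
# ("80", "21,80" or "21:80"). SOURCE may be a host, a CIDR subnet, or a dashed
# range; the dashed form needs -m iprange, which many embedded builds lack.
block_rule() {
    ports=$1 src=$2
    for p in $(printf '%s' "$ports" | tr ',:' '  '); do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    case $ports in
        *,*) match="-m multiport --dports $ports";;
        *:*) lo=${ports%%:*} hi=${ports#*:}
             [ "$lo" -le "$hi" ] || { echo "bad range: $ports" >&2; return 1; }
             match="--dport $ports";;
        *)   match="--dport $ports";;
    esac
    case $src in
        '')  srcm="";;
        *-*) srcm="-m iprange --src-range $src ";;
        *)   srcm="-s $src ";;
    esac
    echo "-I FORWARD 1 ${srcm}-p tcp $match -j DROP"
}

# apply_rule PORTS [SOURCE] : print (APPLY=0) or idempotently insert (APPLY=1)
apply_rule() {
    rule=$(block_rule "$@") || return 1
    if [ "$APPLY" != 1 ]; then echo "$IPT $rule"; return 0; fi
    spec=${rule#-I FORWARD 1 }
    # word splitting of $spec/$rule is intended: they are argument lists
    "$IPT" -C FORWARD $spec 2>/dev/null || "$IPT" $rule
}

apply_rule 80                        # every LAN host, web
apply_rule 21 192.168.1.101          # one host, FTP
apply_rule 21 192.168.1.0/24         # whole subnet, FTP
apply_rule 21,80                     # both ports in one rule
apply_rule 21:80                     # ports 21 through 80
```

Paste it into the DD-WRT Command Shell and save it as the firewall script with APPLY=1 so the rules are restored on every boot; run it with APPLY=0 first to review the exact commands it would issue.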

External Resources
PortForward - List of the most commonly used ports