Blocking a port range in OpenWRT using iptables

Some time ago, I had to make sure that clients on my home network could not connect to any hosts on the internet on ports 6000 to 65000 (both inclusive), since I thought it was the easier way to block BitTorrent on OpenWRT.

Today I needed that again, so just as a reminder to myself, I am posting a little guide here.

First, log into your router, then open /etc/firewall.user.

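Add the following rule:

# The nat table is not meant for filtering: current iptables refuses DROP there, and REJECT is only valid in the filter table, so the rule goes at the top of FORWARD.
iptables -I FORWARD -p tcp --dport 6000:65000 -j DROP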

Then, run /etc/init.d/firewall restart - on your router of course.

Of course, you could replace tcp with udp, replace DROP with REJECT, or whatever suits your needs.
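
To confirm which ports a rule like this covers once it is loaded, the following added example (not part of the original post) parses rules in iptables -S format and probes the range boundaries. The function names and sample rule lines are constructed for illustration, and only -p, --dport and -j are inspected.

```sh
#!/bin/sh
# Added example, not from the original post.
# port_blocked PROTO PORT: reads rules in `iptables -S` format on stdin and
# exits 0 if a DROP or REJECT rule for PROTO has a --dport range covering PORT.
# Assumption: rule order, interfaces and negated matches are not modelled.
port_blocked() {
    awk -v proto="$1" -v port="$2" '
    $1 == "-A" {
        p = ""; target = ""; lo = -1; hi = -1
        for (i = 3; i < NF; i++) {
            if ($i == "-p") p = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                lo = r[1] + 0                 # ":N" means 0:N
                hi = (n == 1) ? lo : (r[2] == "" ? 65535 : r[2] + 0)
            }
        }
        if (p == proto && (target == "DROP" || target == "REJECT") &&
            lo >= 0 && port + 0 >= lo && port + 0 <= hi) { hit = 1; exit }
    }
    END { exit (hit ? 0 : 1) }'
}

# Constructed sample: a tcp rule with the port range used in the post.
sample_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -p tcp -m tcp --dport 6000:65000 -j DROP
EOF
}

# Probe both ends of the range, one port past each end, and the other protocol.
for probe in tcp/5999 tcp/6000 tcp/65000 tcp/65001 udp/6881; do
    if sample_rules | port_blocked "${probe%/*}" "${probe#*/}"; then
        echo "$probe blocked"
    else
        echo "$probe not blocked"
    fi
done
```

On the router, pipe the iptables -S output of the chain that holds the rule into port_blocked instead of sample_rules. The probes show that a tcp-only rule leaves udp untouched and that ports 65001 to 65535 stay reachable.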

Written by Jannich Brendle, Thu 20 August 2009, in How to

tags: howto, iptables, linux, OpenWrt

