How do I block specific IPs in my router's firewall?


StarTrekStarWars
Tufted Titmouse

Joined: 19 Dec 2012
Age: 73
Gender: Male
Posts: 38

13 Mar 2013, 8:26 pm

Here's what my current firewall settings look like. I have no idea how to add a new rule to block an IP. This is equivalent to an alien language to me. :(

Luckily for me there are so many geniuses on this site so I know someone can help me out here. :)
.................................................

inbound

title [ Security Level Low IN rules ]

begin
RulesDropFrom192
drop from addr %LANADDR%:%LANMASK% >> done, alert 0 [WAN Traffic from LAN IP]
RulesPass
pass all

RulesDropAddress
drop from addr 0.0.0.0 >> done, alert 4 [ 0.0.0.0 Source IP Address]
RulesPassUDP
pass protocol udp, to port 53 >> done
pass protocol udp, from port 53 >> done

RulesDropICMP
drop protocol icmp >> alert 4 [ICMP Message To WAN IP]
RulesDropWANUDP
drop protocol udp, to addr %WANADDR%:32 >> done, alert 4 [UDP WAN Traffic to WAN IP]
RulesDropWANTCP
drop protocol tcp, to addr %WANADDR%:32 >> done, alert 4 [TCP WAN Traffic to WAN IP]
RulesPassGoodICMP
pass protocol icmp, to addr %WANADDR%:32 >> done, alert 0 [Responding to WAN Ping]
RulesPassGoodICMP
pass protocol icmp, to addr %LANADDR%:%LANMASK% >> done, alert 0 [Nat'ed LOCAL PING]
end




Outbound


title [ Security Level Low OUT rules ]

begin
RulesDropNETBIOS
drop to port >= 135, to port <= 139 >> done, alert 4 [Dropping NETBIOS Traffic]

RulesPass
pass all

end



hemocyanin
Butterfly

Joined: 12 Mar 2013
Age: 56
Gender: Male
Posts: 14

16 Mar 2013, 2:57 am

You need to identify your firewall. Googling parts of your config landed me on a Suse page suggesting you're running Suse? Is the firewall on your computer or separate device?



StarTrekStarWars
Tufted Titmouse

Joined: 19 Dec 2012
Age: 73
Gender: Male
Posts: 38

18 Mar 2013, 2:05 am

I have no idea what you're talking about :(


I just want to know how I'd edit this to block just a specific IP.....


I'm aware that I could do it from firewall programs on my PC but I would prefer to have it blocked via the router.



sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 37
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

18 Mar 2013, 2:22 am

Um...why? If you're behind a router with NAT - nothing can open an unsolicited connection to anything on your network.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.


StarTrekStarWars
Tufted Titmouse

Joined: 19 Dec 2012
Age: 73
Gender: Male
Posts: 38

05 Apr 2013, 6:58 pm

sliqua-jcooter wrote:
Um...why? If you're behind a router with NAT - nothing can open an unsolicited connection to anything on your network.


I want to block the following IPs in this article from my router so that my internet connection can run faster

http://mitchribar.com/2013/02/how-to-st ... ows-guide/



I just don't understand the custom codes, it would be great if someone who does could properly code it so I can just copy and paste the text there :(



StarTrekStarWars
Tufted Titmouse

Joined: 19 Dec 2012
Age: 73
Gender: Male
Posts: 38

08 Apr 2013, 7:46 pm

no helpage :(



drh1138
Velociraptor

Joined: 2 Dec 2012
Gender: Male
Posts: 498

08 Apr 2013, 7:53 pm

You haven't provided any information regarding the make, model, or operating system of the router, or the operating system of your machine, or the firewall being employed, even when asked.



MacGyverAspie
Toucan

Joined: 26 Dec 2011
Age: 38
Gender: Male
Posts: 281
Location: Connecticut, USA

08 Apr 2013, 9:07 pm

You shouldn't need to block IPs to make YouTube go faster.

What matters is having a fast connection and low latency, and it's also dependent on whether YouTube itself is running slow because it gets loads of traffic in a day.



techtalknow
Tufted Titmouse

Joined: 28 Mar 2013
Age: 25
Gender: Male
Posts: 42
Location: Oklahoma City, OK

08 Apr 2013, 9:32 pm

OK..We have a Netgear router that Cox provided us (Cox is the worst, BTW) and there's a program that you can download from the router admin page that will grant you control over those IPs...Also, try looking at your QoS and Multimedia settings...Our router has an option where I can designate traffic on such and such port more urgent than others..for example, I am a huge Doctor Who fan, and I am not to be patient with BUFFERING when my mom is browsing Facebook. My router is set up so that when I activate a Netflix media connection, I get HD priority (and a lot of complaining from other internet users)....Once my show is over, the bandwidth is reallocated evenly...until my NEXT EPISODE! (a few seconds apart)



Cornflake
Administrator

Joined: 30 Oct 2010
Gender: Male
Posts: 69,869
Location: Over there

09 Apr 2013, 8:31 am

Well, let's try a different approach.

StarTrekStarWars wrote:
I want to block the following IPs on in this article from my router so that my internet connection can run faster
Blocking an IP will not magically make your connection run faster, unless it's an IP which is being used heavily by something on your PC - something constantly uploading/downloading files, say.

But as sliqua-jcooter already mentioned, it wouldn't be possible for an external IP to open an unsolicited connection to anything on your network because your router would be using NAT, so that only leaves the possibility of something on your PC opening an external connection and making heavy use of it and consequently slowing things down for anything else.
I think you would already know if that was the case, so it can probably be discounted.

I get the impression that while your PC's connection may not actually be slow at the moment, faster is always better so anything helping to achieve that would be nice. You appear to think that the information on the page you linked is some sort of generally applicable technique which, when implemented, will speed up your connection.

You linked this page:
Quote:
It shows a firewall rule, named "MITCHRIBARYTUBE", which will block incoming data from these address blocks:
173.194.55.0/24 (all addresses from 173.194.55.0 to 173.194.55.255)
206.111.0.0/16 (all addresses from 206.111.0.0 to 206.111.255.255)
The first block is assigned to Google, and the second is assigned to XO Communications.
The name of the rule is not significant and could be anything.

I have no idea why "Mitch" thinks this will speed up anyone's connection because it most certainly will not. It may well have made his connection faster but that was probably due to other things running on his computer, directly related to these IP blocks, which he has not mentioned - or it is some other issue and related to his specific ISP alone.
If you're fortunate (or unfortunate) enough to be using the same ISP as him, and what his firewall rules helped resolve is an issue with that ISP - then you're probably in luck and your speed might increase too - but generally, as in "anyone can use this to speed up their connection"?
Not a chance.

I don't know to what use Google and XO put those IPs, and some or all of them may not be in use anyway: assignment shows ownership only, not use.
It's possible that blocking a range of Google IPs, while not knowing their purpose, may have a detrimental effect on their services and could slow them down or stop them from functioning entirely.
XO Communications is a company based in Herndon, VA, which provides domestic telecom services and I would think that unless you are making use of the services they offer, the firewall rule blocking the related (and rather large!) IP range may be removed.

But if you want to block those IP ranges anyway - go right ahead... :wink:
Quote:
I just don't understand the custom codes, it would be great if someone who does could properly code it so I can just copy and paste the text there :(
As everyone else has already said, you will need to provide information about your firewall or router - there is no "universal code" that can be copy/pasted into any old firewall or router.

Or, if you're running Windows, he provides step-by-step instructions on how to add that rule to the Windows firewall.
Since he appears to claim that merely blocking those IPs will result in a faster connection, it shouldn't matter where they are being blocked.


_________________
Giraffe: a ruminant with a view.


drh1138
Velociraptor

Joined: 2 Dec 2012
Gender: Male
Posts: 498

09 Apr 2013, 10:36 am

Cornflake wrote:
Quote:
I just don't understand the custom codes, it would be great if someone who does could properly code it so I can just copy and paste the text there :(
As everyone else has already said, you will need to provide information about your firewall or router - there is no "universal code" that can be copy/pasted into any old firewall or router.


The real lesson here is, if you don't understand how something as complicated as IP networking works and why it works the way that it does, you generally shouldn't fiddle with it.



sliqua-jcooter
Veteran

Joined: 25 Jan 2010
Age: 37
Gender: Male
Posts: 1,488
Location: Burke, Virginia, USA

09 Apr 2013, 11:02 am

drh1138 wrote:
The real lesson here is, if you don't understand how something as complicated as IP networking works and why it works the way that it does, you generally shouldn't fiddle with it.


No, actually, that is definitely *not* the lesson. After all, fiddling with something is how one gets the understanding to begin with.

The lesson here is that in order to get someone on the Internet to help you with something, you need to ask the right question. I have no desire to just "give you some code" that you can drop into your router - because I'm doing the work for you, and you don't gain any knowledge on your own.

Like Cornflake said, you're not blocking IPs, you're blocking whole blocks of addresses in CIDR notation (link to more information: http://en.wikipedia.org/wiki/Classless_ ... in_Routing)

You need to figure out how to block outbound traffic on your router - either with the firewall, or (if that isn't available) by adding a static route for those netblocks with a destination or next hop of 0.0.0.0

How that works depends on which router you have.


_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned.
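As an added illustration of the CIDR point made in Cornflake's and sliqua-jcooter's posts above (this is example code written for this page, not anything from the thread or the linked article): it expands the two quoted netblocks, 173.194.55.0/24 and 206.111.0.0/16, into their first and last addresses using plain integer masks, and checks a destination address against them first-match, the way a firewall rule list is evaluated. The sample addresses in the usage are constructed.

```python
# Added example, not from the thread: expands the two CIDR blocks quoted from
# the linked article with plain integer masks, so the /24 and /16 are visible,
# and checks a destination address against them first-match, as a firewall would.
BLOCKED_NETS = ["173.194.55.0/24", "206.111.0.0/16"]  # the two blocks on the page


def ip_to_int(dotted):
    """'173.194.55.7' -> 32-bit integer, validating the dotted quad."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError("not a dotted quad: %r" % dotted)
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range: %r" % dotted)
        value = (value << 8) | n
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_cidr(cidr):
    """'a.b.c.d/n' -> (network_int, mask_int, prefix_len); bare address means /32."""
    addr, _, plen = cidr.partition("/")
    prefix = int(plen) if plen else 32
    if not 0 <= prefix <= 32:
        raise ValueError("bad prefix length in %r" % cidr)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ip_to_int(addr) & mask, mask, prefix


def cidr_range(cidr):
    """(first address, last address, size): the expansion Cornflake spelled out."""
    net, mask, prefix = parse_cidr(cidr)
    last = net | (~mask & 0xFFFFFFFF)
    return int_to_ip(net), int_to_ip(last), 2 ** (32 - prefix)


def matching_rule(dest_ip, nets=BLOCKED_NETS):
    """Return the first blocked netblock covering dest_ip, or None if it passes."""
    value = ip_to_int(dest_ip)
    for cidr in nets:
        net, mask, _ = parse_cidr(cidr)
        if value & mask == net:
            return cidr
    return None
```

Calling cidr_range("206.111.0.0/16") gives 65536 addresses, which is the "rather large" range Cornflake refers to, against 256 for the /24; matching_rule("173.194.56.1") returns None because only the first three octets are compared under a /24 mask.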


techtalknow
Tufted Titmouse

Joined: 28 Mar 2013
Age: 25
Gender: Male
Posts: 42
Location: Oklahoma City, OK

11 Apr 2013, 1:56 pm

If something's slow, I am more likely to make connections on those ports a higher priority than to block IPs...



MacGyverAspie
Toucan

Joined: 26 Dec 2011
Age: 38
Gender: Male
Posts: 281
Location: Connecticut, USA

11 Apr 2013, 2:02 pm

techtalknow wrote:
If something's slow, I am more likely to make connections on those ports a higher priority than to block IPs...

Then he would have to learn how to fiddle with the router's QoS settings, but we still don't know what router he has.

The router can prioritize those packets rather than be treated the same as any other data to a specific IP address on the LAN.



Cornflake
Administrator

Joined: 30 Oct 2010
Gender: Male
Posts: 69,869
Location: Over there

11 Apr 2013, 2:27 pm

In practice this could be a pointless exercise because the ISP may have imposed its own traffic prioritisation (some do), and no amount of QoS fiddling on the client's router would bypass that. :wink:


_________________
Giraffe: a ruminant with a view.


LittlePigLocksmith
Raven

Joined: 21 Sep 2013
Age: 28
Gender: Male
Posts: 124
Location: Portland, Oregon

19 Dec 2013, 12:51 pm

Depending on who you're intending to block, it may be a waste of time. Whenever my IP got blocked by a router I used to just manually change it to one on a list I had. Now I realize that was just wasted effort. There are lots of even simpler ways to hide who you are and what you're doing from the party that controls the router. I love sharing these things with students at the high school in my town partially because I passionately hate the public school system, but also because they usually stroke my admittedly fragile ego when I show them how to visit blocked sites on the school computers or use C&A (the only thing I missed about Windows when I started running only Linux systems) to launch a man-in-the-middle attack to get their least favorite teacher's Facebook and email passwords so they can have fun with those. There are lots of Linux tools that do the same things and better, but the user interface is rarely as nice in my experience.

Anyway, if the person you're trying to keep out is between the ages of 12 and 40 and has either an IQ above room temperature or knows at least one reasonably intelligent person willing to help them, blocking their IP will be (at most) a minor annoyance. I don't know the details of your particular situation so I don't know what to advise you to do, but I'm sure there's a way to accomplish what you want. When it comes to cyber-security, it's my experience there's always something that never occurred to you (this goes for all parties involved of course). Ask yourself this: "In what way do I have my head up my ass?" and if you can't think of anything, ask around. That's saved me from making a lot of incredibly embarrassing mistakes in the past.