Configuring iptables script for DD-WRT

ryan256

I run an email server from my home. I have noticed several attempts to brute force my server from IP addresses in China and other countries. When this happens I look up the IP addresses on apnic.net or ripe.net and then add a rule to my router to ban their whole subnet. I want to ban them at my router, not my email server because I don't want them to even see my network anymore.
I don't think this script works correctly though. My office has 2 networks with 2 different public IP addresses. My phone was connected to network1 and my workstation on network2. I connected to my router from my workstation and added a rule to drop all traffic on a subnet that included the public IP address of network1, but not network2. I then tried to RDP to my email server from my phone and was able to do so. My phone should have been blocked from connecting.

Here is a sample of the iptables script I have built so far. I don't think it works correctly though and would like some help.
Code:
iptables -I INPUT -s 105.236.0.0/16 -j DROP
iptables -I INPUT -s 110.234.0.0/15 -j DROP
iptables -I INPUT -s 114.80.0.0/12 -j DROP
iptables -I INPUT -s 118.0.0.0/8 -j DROP
iptables -I INPUT -s 121.128.0.0/10 -j DROP
iptables -I INPUT -s 122.224.36.24/29 -j DROP
iptables -I INPUT -s 124.192.0.0/15 -j DROP
iptables -I INPUT -s 134.208.0.0/16 -j DROP
iptables -I INPUT -s 144.32.0.0/12 -j DROP
iptables -I INPUT -s 183.192.0.0/10 -j DROP
iptables -I INPUT -s 188.124.8.0/24 -j DROP
iptables -I INPUT -s 193.87.172.128/25 -j DROP
iptables -I INPUT -s 200.68.80.0/20 -j DROP
iptables -I INPUT -s 202.164.41.16/28 -j DROP
iptables -I INPUT -s 202.85.208.0/20 -j DROP
iptables -I INPUT -s 203.197.0.0/16 -j DROP
iptables -I INPUT -s 203.40.0.0/13 -j DROP
iptables -I INPUT -s 204.133.174.0/29 -j DROP
iptables -I INPUT -s 209.172.34.128/27 -j DROP
iptables -I INPUT -s 209.190.128.0/18 -j DROP
 

ryan256

Bump.
Could really use some help on this from someone please. I'm very new to making iptables configurations.
 

MrColin

I'm guessing that you have a rule that forwards your RDP port and that rule accepts the connection before the blocking rules are evaluated, just a guess on my part. Try going at it with nmap and see what you get.

Nmap is a free scanning tool, you can get it here http://nmap.org/

Since you are running DD-WRT, you should be extra careful that UPnP is turned off. Pretty much all of the open-source implementations have an exploitable vulnerability.

If you access the router via ssh you can output the rules with "iptables -L" if you have any doubts about your rules being applied.
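
An added example, not part of either poster's messages: packets that a port forward hands on to a LAN host traverse the FORWARD chain and never reach INPUT, so a block list that should cover forwarded services needs a rule in both chains. The script below validates each subnet and prints the rule pair for review; the function names and the three-entry sample list (taken from the script posted above) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit DROP rules for both INPUT and FORWARD.
# INPUT covers traffic addressed to the router itself; FORWARD covers
# traffic that a port forward (DNAT) passes on to a host on the LAN.

# Constructed sample list: three entries from the script in the thread.
BLOCKLIST="118.0.0.0/8
122.224.36.24/29
209.190.128.0/18"

# is_cidr: succeed only for a dotted quad followed by a /0-32 prefix.
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    # Reject octets above 255.
    for octet in $(echo "${1%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_block_rules: read subnets on stdin, print one rule per chain each.
# -I with no position inserts at the head of the chain, so the DROP is
# evaluated before any ACCEPT rule already present in that chain.
gen_block_rules() {
    while read -r net; do
        [ -n "$net" ] || continue
        if ! is_cidr "$net"; then
            echo "skipping invalid entry: $net" >&2
            continue
        fi
        for chain in INPUT FORWARD; do
            echo "iptables -I $chain -s $net -j DROP"
        done
    done
}

# Dry run: print the commands instead of executing them.
echo "$BLOCKLIST" | gen_block_rules
```

Review the printed commands before piping them to sh on the router.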
 