Script written by frater
This service is perhaps the single most valuable tool for your network. Whether you are just a normal user, or you are running an FTP/Web-server, this will add vital security to your data and peripheral devices.
By default it is not enabled. To enable it, open up either a telnet/SSH prompt, login, and enter service asiablock on followed by service asiablock start.
Once the start command is issued, you will see the service scanning IP range subnets from various countries around the world that are a potential threat to your network security. Once they are downloaded, you will now have enhanced security that is configurable to your specific demands.
Countries that are blocked by default are:
- cn = China
- af = Afghanistan
- au = Australia
- pk = Pakistan
- in = India
- my = Malaysia
- ua = Ukrain
- ng = Nigeria
- kh = Cambodia
- li = Liechtenstein
You can also add or remove countries by editing the Asiablock Script using VIM. To do this, shutdown Asiablock with the stop and off parameters, then type vi /opt/etc/init.d/S95asiablock
It is wise to know what you are doing before you do this though. Search the forums or the net for instructions.
To further enhance this service, you will need to add the following to your rc_firewall in Administration->Commands:
NOTE For users with PPPoE connections, use the command wanf=`get_wanface` for the WAN interface wildcard variable. Do not use the example depicted below if you have PPPoE as it will not work!
wanf=`nvram get wan_iface` iptables -I INPUT 2 -i $wanf -p tcp -j asia iptables -I FORWARD 1 -i $wanf -p tcp --dport 20:1024 -j asia
The "forward" is for service running on you LAN.
The "input" is for service running on your router.
This happens to be my personal firewall that provides excellent security from Asian and other hackers/bots.
The dport 20:1024 -j asia rule prevents IP subnets dictated by asiablock from performing a portscan in order to hack either my FTP, SSH, Telnet, SNMP etc.
Here is a logged event of just such an attempt (notice the DROP and the attempted port 22):
Apr 15 12:28:52 Asus user.warn kernel: [asia DROP] : IN=vlan2 OUT= MAC=00:0c:41:bd:f3:0c:00:01:5c:24:73:41:08:00:45:00:00:30 SRC=220.127.116.11 DST=173.16x.2x.1x LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=36382 PROTO=TCP SPT=42506 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 root@Asus:~#
Another useful trick included into Asiablock is the spam-list and ham-list. For instance, if you wanted to "add" a IP subnet to Asiablock (could be an angry co-worker or friend) use the following command (The 18.104.22.168/18 is the CIDR IP subnet range you want to block.):
That is just an example, but you can obtain your specified IP subnet you want to block by using the whois command for the IP that is a potential threat (the 0.0.0.0 shall be replaced by the IP):
To ensure that it took effect, first type service asiablock start (restarts the firewall) then issue the following command which will list all Asiablock IP bans:
cat /var/log/messages | grep asia | grep -o "SRC=.* DST" | sort -u
Another useful command that will display your firewall integrity is:
iptables -nvL | more
Hit enter to continue with the readout
As the Asiablock script is still in the experimental stage and subject to change due to either build bug fixes or for enhanced usability, it is wise to update it periodically. (once every 2 weeks should suffice)
To do this, simply insert the following into a shell prompt and type service asiablock start)
wget -O /opt/etc/init.d/S95asiablock http://wd.mirmana.com/S95asiablock_2010 service asiablock on service asiablock start
For more information or questions, visit this thread: