My modem is double NAT'd onto a router running Tomato firmware.
On the Telecom NZ Thomson TG585 V8 I'd like to block subnet'd networks (10.0.0.0/24) on the ADSL2 (WAN) interface, for example:
211.136.0.0/13
When I attempt to block... let's say a Vodafone network, as a test, it remains accessible via the TG585.
The following event log shows a connection to a www server which is enabled via port forwarding, but which I was attempting to block on a given network/mask:
FIREWALL rule : Protocol: TCP Src ip: 202.nnn.nnn.nnn Src port: 16110 Dst ip: 10.nnn.nnn.nnn Dst port: 80 Chain: forward_host_service Rule Id: 8 Action: accept
I'm not sure if ANY tunneling takes priority over any other rules and thus becomes null when attempting to block inbound public networks by network address/subnet.
I did have a quick look at the command line firewall config, within the modem, but not being familiar with it off hand, I thought I'd ask first.
I have enabled a custom GUI firewall security profile and added the following, but it does nothing to block a given network:
Also, it doesn't appear to accept network masking.
Like it's not the end of the world, but I would like to say no to those 'very friendly' Chinese visitors at the front door, without them tunneling through the network to be refused on internal LAN server/routers.
I know I could buy a feature-rich ADSL2 modem/firewall, but I thought if I can get the Thomson to do it, well, that'd be just peaches.
Any thoughts?