How do I set up firewall rules to block traffic over specific ports when connected to a VPN?

As an extra layer of defense when connected to a shared VPN server, you can block traffic on specific ports used by services with known vulnerabilities. Such attacks are uncommon; if your VPN provider has not advised you of an issue, you can skip this article.

Quote of the Day (QOTD) is a legacy service (RFC 865) that listens on TCP and UDP port 17. Because it answers any UDP datagram with a reply, hosts that still expose it have been abused as reflectors in UDP amplification attacks. You can block port 17 by entering a short script in the firewall commands section of your open source router firmware.

Blocking ports in DD-WRT and Tomato firmware with a firewall rule:

Go to the Administration > Commands section in DD-WRT or the Administration > Scripts > Firewall section in Tomato and enter the following line:

iptables -I FORWARD -p udp --dport 17 -j DROP

In DD-WRT click Save Firewall, in Tomato click Save and then reboot your router. 

This rule drops every packet the router forwards (for example, from a LAN client out through the VPN tunnel) whose destination is UDP port 17. It does not affect traffic to or from the router itself, which passes through the INPUT and OUTPUT chains rather than FORWARD. To block further ports, repeat the line on the next line of the command box with a different port number (or with -p tcp for a TCP service).
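The procedure above, written out as a script for the same command box, as an added example that is not part of the original article. It builds the FORWARD-chain DROP rule for each entry in a port list, rejects malformed entries, and checks with iptables -C before inserting so that re-running the script (DD-WRT re-runs the firewall script on every WAN or VPN reconnect) does not stack duplicate rules. The port list, the APPLY variable and the function names are this example's own; it assumes a busybox sh on DD-WRT or Tomato with an iptables build that supports -C.

```shell
#!/bin/sh
# Added example (not from the original article): generate and apply
# FORWARD-chain DROP rules for a list of ports without creating duplicates.
# Assumes busybox sh and an iptables that supports the -C (check) option.

# Constructed sample list, "proto:port". udp:17 is QOTD from the article;
# tcp:17 is included only to show that several entries can be listed.
BLOCKED_PORTS="udp:17 tcp:17"

# Validate one entry; prints "proto port" on success, returns 1 otherwise.
parse_entry() {
    entry=$1
    proto=${entry%%:*}
    port=${entry#*:}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s %s\n' "$proto" "$port"
}

# Rule body shared by the printed form, -C (check) and -I (insert).
# FORWARD matches packets routed through the router (LAN <-> VPN/WAN);
# the router's own sockets (INPUT/OUTPUT chains) are not covered.
rule_spec() {
    printf 'FORWARD -p %s --dport %s -j DROP' "$1" "$2"
}

# Print one iptables command per valid entry; warn about invalid ones.
generate_rules() {
    for entry in $BLOCKED_PORTS; do
        if parsed=$(parse_entry "$entry"); then
            set -- $parsed
            printf 'iptables -I %s\n' "$(rule_spec "$1" "$2")"
        else
            echo "skipping invalid entry: $entry" >&2
        fi
    done
}

# Apply the rules idempotently: insert only when -C reports the rule absent.
apply_rules() {
    for entry in $BLOCKED_PORTS; do
        parsed=$(parse_entry "$entry") || continue
        set -- $parsed
        iptables -C $(rule_spec "$1" "$2") 2>/dev/null \
            || iptables -I $(rule_spec "$1" "$2")
    done
}

# Always show the commands; only touch iptables when APPLY=1 is set
# (hypothetical switch so the script can be reviewed before use).
generate_rules
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
fi
```

On a router whose iptables is too old for -C, replace the check with a grep over iptables -S FORWARD, or flush your own rules before inserting; the point is the same, which is that a firewall script in these firmwares must tolerate being run more than once. If you block many ports of one protocol, the multiport match (-m multiport --dports 17,19,...) folds them into a single rule.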


