
I have a simple problem. Without going into too much detail, someone in the shared network is constantly accessing the ASUS router portal and blocking network access to my laptop. This is done using the ASUS router GUI, and it shows a blocked internet access icon next to my laptop's IP address.

This is annoying me greatly. I can't change the ASUS portal login credentials because of others sharing the network too.

Of course I can just go back to the portal and unblock myself, but the person will eventually block my internet access again.

Enabling SSH, I noticed that when I compare the iptables list between one where my laptop's ip address is blocked and one where it's not, the only difference is in the Chain FORWARD list like so:

```
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             MAC AE:E0:0E:EE:C0:89
```

Where the MAC address there is the MAC address of my laptop.

The first thing I tried was

```
iptables -I FORWARD -m mac --mac-source AE:E0:0E:EE:C0:89 -j ACCEPT
```

which solves the problem because this ACCEPT rule is at the top of the list, so the DROP rule is never reached. However, he actually unblocks and reblocks my IP, which causes the DROP rule to go above my ACCEPT line.

I also tried

```
iptables -D FORWARD -m mac --mac-source AE:E0:0E:EE:C0:89 -j DROP
```

in an attempt to delete the line for dropping packets from/to my laptop but the error

```
iptables: Bad rule (does a matching rule exist in that chain?).
```

appears.

I want to run a script that can automatically unblock my laptop's IP address (or rather MAC address). Is there any way I can delete the DROP rule added from the GUI using an iptables command?

Dave Lim
  • What if you compare the actual iptables rules, i.e. output of `iptables -S`? – u1686_grawity Jul 23 '22 at 19:08
  • You may not be able to win this war. It sounds like you do not ultimately control the connection, so maybe the best solution is a social one - stop using the resource in a way that causes the other party to block it. Another partial solution - if your hardware supports it, and most do, would be to change your MAC address each time you connect. This would make it more work for the other party to block you. – davidgo Jul 24 '22 at 07:21
  • @user1686 thanks a lot for this suggestion. I wasn't aware that there is the -S option and I see that there is an additional `-i br0` in the ASUS generated rule that blocks my IP. So using -D to delete that FORWARD rule works. Answer the question so I can accept it? – Dave Lim Jul 24 '22 at 12:46
  • @davidgo yes, I'm exploring changing the MAC address when I reconnect to the router too, thanks for the suggestion. Ultimately I just wanted to minimize the hassle of having to unblock or reconnect to the router again. – Dave Lim Jul 24 '22 at 12:48
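
Added example, not part of the original thread: `iptables -D` only deletes a rule whose specification matches exactly, and the plain `iptables -L` listing hides the `-i br0` interface match that `iptables -S` reveals. The sketch below builds the exact delete command from `iptables -S` output; the sample rule lines are constructed (only the MAC and `-i br0` come from the thread), and `sample_rules` and `delete_cmds_for_mac` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `iptables -S FORWARD` output. Only the first MAC and
# the "-i br0" match come from the thread; the other lines are illustrative.
sample_rules() {
cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i br0 -m mac --mac-source AE:E0:0E:EE:C0:89 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -m mac --mac-source 02:11:22:33:44:55 -j DROP
EOF
}

# Read `iptables -S <chain>` lines on stdin and print one `iptables -D`
# command per DROP rule that matches the MAC given as $1.
# Reusing the full "-A" specification guarantees the -D spec matches exactly,
# including options such as "-i br0" that `iptables -L` does not display.
delete_cmds_for_mac() {
    # iptables prints MAC addresses in upper case; normalise the argument.
    mac=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    while IFS= read -r line; do
        case "$line" in
            "-A "*"--mac-source $mac "*"-j DROP")
                # Strip the leading "-A " and emit the same spec under -D.
                printf 'iptables -D %s\n' "${line#-A }"
                ;;
        esac
    done
}

# Demo on the constructed sample; on the router the input would be
# `iptables -S FORWARD` instead of sample_rules.
sample_rules | delete_cmds_for_mac AE:E0:0E:EE:C0:89
```

The function only prints the commands, so the generated specification can be reviewed before it is run.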
