#StackBounty: #iptables Running Ubuntu Router using Iptables Services; How to Block UPnP UDP Traffic Forwarding Between Private IP and …

Bounty: 50

I’ve currently got a Linux router running iptables-services. I’ve set up forwarding on the server and masquerade out as the public interface’s IP on the outbound using the POSTROUTING chain.

I’m trying to simulate a disconnect for an application I’m working on – as if the client sending traffic to my UDP port has stopped doing so, or alternatively my traffic returning to them stops. To achieve this, I’d like to drop traffic on the router itself.

Addresses for talking sake are 192.168.1.10 for my machine, 192.168.1.254 for router local interface, router public is 80.80.80.80, and public peer address is 90.90.90.90.

I would like to drop traffic being forwarded by the router (with NAT masquerading) from my local IP 192.168.1.10 destined for the public peer. Say drop all outbound UDP traffic on port 1000 from 192.168.1.10. Or alternatively, do the same, but catch it on the inbound – so 90.90.90.90 trying to reach my PC at 192.168.1.10.

Any advice is welcomed. Have tried adding rules to numerous tables, but my familiarity with stateless transport protocols like UDP and how they work with iptables / forwarding really isn’t great. There also really aren’t many existing questions on the same topic either, so have struggled to find anything of use. Essentially, I want to interrupt / override the process of UPnP by blocking any traffic from reaching the UDP listen port on my local machine through the router.

Thanks in advance. If there’s anything I can add or change, please advise in the comments before downvoting as I’m always happy to improve my questions where possible.


Get this bounty!!!

Leave a Reply