Hello guys. A few years ago I made this thread (Why do I see my router login page when I type in my external IP address on the address bar? - #7 by rj-45) because I was worried that anyone on my network (even clients in guest wifi) could access the router page by simply typing the wan IP address, making any attempt to block access to router through IPtables useless.
I changed to another ISP recently and to my surprise, it's even worse now because I can access the modem by typing my IP address.
Why I think this is dangerous:
A malicious script (often included in cracked apps/games etc) could easily execute a command that access the public IP from the infected device and instantly try to access the modem with default user and pass (e.g. admin:admin) and change the configuration by setting up a ddns and now the attacker has complete control over your network.
A ghetto fix for this would be blocking access to any IP from your country (if you live in the US you are out of luck since almost all the most relvant websites and even Chinese govt websites are hosted in the US) using banIP and rely on cloudflare (or any dns provider outside your county) for dns queries.
If you live in the US you could block access to IP addresses that the ISP gives you. For example if your public IP always starts with 67.89.x.x you can block 18.104.22.168/16 to prevent this.
Is there any plan to implement a feature that allows us to block access to our own public IP address in the future?
Thanks in advance and thanks for all your hard work.