I am trying to block everything to/from a certain IP address, 220.127.116.11 as an example. In Network>Firewall>Custom Rules, I have the following under all of the instruction comments:
iptables -A INPUT -s 18.104.22.168 -j DROP
iptables -A OUTPUT -d 22.214.171.124 -j DROP
I've restarted the firewall, and the system log shows a message regarding the firewall being restarted.
If I go to Status>Firewall, I see the rule I created at the bottom of the INPUT/OUTPUT chains where they should be. They are last (at the bottom) after all of the default rules for things like LAN and WAN targets.
However, I can still ping the IP address from both my router and computer, and the firewall status always shows 0 packets matching the rule. Did I configure it wrong in some way?
Aren't there rules before yours that are accepting the packets?
Your custom iptables rules should probably be put in a user chain such as "input_rule", "input_lan_rule", "input_wan_rule", "output_rule", "output_lan_rule", "output_wan_rule", "forwarding_rule", "forwarding_lan_rule" or "forwarding_wan_rule".
But why don't you configure two Network>Firewall>Traffic Rules instead?
I changed INPUT/OUTPUT to input_wan_rule/output_wan_rule and it still doesn't block it.
And if I go to Network>Firewall>Traffic Rules, I don't see any buttons or fields to add firewall rules; only the ability to move/edit/delete existing rules. And then at the bottom fields to open ports, create a new forward rule, and source NAT.
The INPUT and OUTPUT chains only check packets that are sent to/emitted by the router itself. For checking packets forwarded by the router, use the FORWARD chain, or more specifically, forwarding_wan_rule and forwarding_lan_rule.
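An added example, not code from the thread or from OpenWrt: a simplified Python model of the filter-table chain layout fw3 builds (abbreviated, with the zone chains collapsed and every zone ending in ACCEPT), enough to reproduce both points made above: a rule appended with -A lands after the zone chain that already ACCEPTs, and traffic from a LAN host never enters INPUT/OUTPUT at all. The router addresses and the LAN PC address are constructed.

```python
# Added example, not from the thread: a simplified model of the filter-table
# chain layout OpenWrt's fw3 builds (abbreviated, zone chains collapsed),
# enough to show why the rules in the question never see the packets.
BLOCKED = "220.127.116.11"               # the example address from the question
ROUTER = {"192.168.1.1", "203.0.113.5"}  # constructed LAN and WAN addresses
# Rule = (src or None, dst or None, target); target is ACCEPT, DROP or a chain.
ANY = (None, None)
FW3 = {
    "INPUT":   [ANY + ("input_rule",),      ANY + ("zone_wan_input",)],
    "OUTPUT":  [ANY + ("output_rule",),     ANY + ("zone_wan_output",)],
    "FORWARD": [ANY + ("forwarding_rule",), ANY + ("zone_lan_forward",)],
    "zone_wan_input":   [ANY + ("input_wan_rule",),      ANY + ("ACCEPT",)],
    "zone_wan_output":  [ANY + ("output_wan_rule",),     ANY + ("ACCEPT",)],
    "zone_lan_forward": [ANY + ("forwarding_lan_rule",), ANY + ("ACCEPT",)],
    "input_rule": [], "output_rule": [], "forwarding_rule": [],
    "input_wan_rule": [], "output_wan_rule": [], "forwarding_lan_rule": [],
}

def entry_chain(src, dst):
    """Built-in chain a packet enters on the router, per the netfilter hooks."""
    if src in ROUTER:
        return "OUTPUT"    # generated by the router itself (ping from the router)
    if dst in ROUTER:
        return "INPUT"     # addressed to the router itself
    return "FORWARD"       # routed on behalf of a LAN host (ping from the PC)

def walk(chains, chain, src, dst):
    """First match wins; a user chain that falls off its end returns to the caller."""
    for s, d, target in chains[chain]:
        if (s is None or s == src) and (d is None or d == dst):
            if target in ("ACCEPT", "DROP"):
                return target
            result = walk(chains, target, src, dst)
            if result:
                return result
    return None

def verdict(chains, src, dst):
    return walk(chains, entry_chain(src, dst), src, dst) or "ACCEPT"

def with_rules(extra):
    """Append (chain, src, dst, target) rules, as 'iptables -A chain ...' does."""
    chains = {name: list(rules) for name, rules in FW3.items()}
    for chain, s, d, target in extra:
        chains[chain].append((s, d, target))
    return chains

AS_POSTED = with_rules([("INPUT", BLOCKED, None, "DROP"), ("OUTPUT", None, BLOCKED, "DROP")])
FIXED = with_rules([("input_wan_rule", BLOCKED, None, "DROP"), ("output_wan_rule", None, BLOCKED, "DROP"),
                    ("forwarding_rule", None, BLOCKED, "DROP"), ("forwarding_rule", BLOCKED, None, "DROP")])
```

On the real router the equivalent check is `iptables -L FORWARD -v -n` (and the forwarding_* chains) to confirm the packet counters on the moved rules increase while the PC pings.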