D-Link Forums

The Graveyard - Products No Longer Supported => Routers => DIR-890L => Topic started by: Jason303 on June 13, 2016, 01:08:17 PM

Title: How do I block all InBound traffic from a specific IP Address?
Post by: Jason303 on June 13, 2016, 01:08:17 PM
D-Link DIR-890L HW:A1 FW: 1.09

I have a DIR-890L/R and I am trying to block all inbound traffic from a specific WAN IP Address. The closest I have found to a solution is Features -> Firewall -> IPv4 Rules -> Add Rule:

1) I select "Turn IPv4 Filtering ON and DENY rules listed" from the Advanced >> Firewall Settings >> IPv4 Rules and click the Save button.

A Window appears saying, "Your changes are being saved." However when the window disappears the select box returns back to "Turn IPv4 Filtering OFF". I try it again with the exact same result.

Ok... Maybe I have to create a rule before I can change the select option so I create a rule by clicking Add Rule button:

1) Name: I entered the rule named Hacker
2) Source IP address range: No problem I enter the WAN address XXX.YYY.ZZZ.QQQ
3) Destination IP address range: Ok I enter LAN address range 1.1.1.1 - 255.255.255.255
4) Port Range: I choose Any and enter range 1-65535
5) Schedule: I leave it "Always Enable"
6) I hit the Apply button

So far so good, my rules remaining changed from 24 to 23 rules and my new rule Hacker appears in the list. I change the select from "Turn IPv4 Filtering Off" to "Turn IPv4 Filtering ON and DENY rules listed".

I then click Save and a window appears saying, "Your changes are being saved." There is a progress wheel circle that spins but nothing happens. I let the wheel spin for 5 minutes and still it never completes. I give up waiting and log back into the router. Nothing is saved! I have no rules and it says I have Remaining: 24.

I reboot the router and try again with no success, the same exact thing happens yet again!

Can someone please tell me what I am doing wrong and how to make this router block inbound traffic from a specific WAN IP address for all LAN addresses please?!
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: Jason303 on June 13, 2016, 01:16:03 PM
I repeat the same steps listed above but this time I wait for the save progress wheel to complete. A period of time goes by and the router login screen appears requesting my password. I'm guessing that the router administration timed out and I have to log back in, so I enter my password and go back to the IPv4 Rules and still my rule is deleted and I have remaining: 24.

I create a new Rule exactly the same as above leaving "Turn IPv4 Filtering OFF" and click Save button. The window appears yet again with "Your changes are being saved." and I wait... A couple minutes later the window disappears and I am asked to log back into the router administration which I do and still no rule saved with Remaining: 24.

Can someone please tell me how to use this router to block a single WAN address?
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: FurryNutz on June 13, 2016, 01:42:32 PM
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)

  Link> >FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)

Internet Service Provider and Modem Configurations

PC Web Browser Configurations
What browser are you using?
Try Opera or FF? If IE 8, 9, 10 or 11, set compatibility mode and test again. (For older generation routers.)
Disable any security browser Add-ons like No Script and Ad-Block or configure them to allow All Pages when connected to the router.
Clear all browser caches.

Also is DNS Relay enabled while you have the rules enabled?
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: Jason303 on June 14, 2016, 11:14:50 AM

- North America, USA


- I am using wired connection to the router



- I have performed a Factory Reset on the router

  Link> >FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)

- The Factory Reset was performed after the latest released version of the router firmware 1.09 was installed. All of the router settings have been setup manually from scratch after the Factory Reset was done.


- The router's inability to save rules to the firewall have never worked.

[/list]

Internet Service Provider and Modem Configurations

- Optimum Online cable internet


Hardware Information:
System:   ARRIS DOCSIS 3.0 / PC 1.5 Touchstone Telephony Modem
HW_REV: 2
VENDOR: Arris Interactive, L.L.C.
BOOTR: 1.2.1.52
SW_REV: 9.1.103S
MODEL: TM822G
Serial Number:   C7CBRE778253162
Battery Charger FW Rev:   03.11
Options:   
Firmware Build and Revisions
Firmware Name:   TS0901103S_122215_MODEL_7_8
Firmware Build Time:   Tue Dec 22 11:59:20 EST 2015

[/list]

PC Web Browser Configurations
What browser are you using?
Try Opera or FF? If IE 8, 9, 10 or 11, set compatibility mode and test again. (For older generation routers.)
Disable any security browser Add-ons like No Script and Ad-Block or configure them to allow All Pages when connected to the router.
Clear all browser caches.

- I am using Google Chrome without any browser add-ons. I cleared browser cache.

Also is DNS Relay enabled while you have the rules enabled?

- Enable DNS Relay is enabled.
[/quote]

After completed all of the above steps the behavior is identical to what was before. I can not save a rule after adding it to the IPv4 firewall nor change the Turn IPv4 Filtering to ON with DENY rules listed below.
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: FurryNutz on June 18, 2016, 12:31:15 PM
If you do a factory reset and go directing into setting up a reservation and a firewall rule, DNS Relay enabled, does it work then?
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: Jason303 on June 22, 2016, 07:34:30 AM
If you do a factory reset and go directing into setting up a reservation and a firewall rule, DNS Relay enabled, does it work then?

1) I performed a Factory Reset of the router: Management -> System Admin -> System -> Restore to Factory Default Settings
2) DNS Relay Enabled: Settings -> Network -> Enable DNS Relay
3) I go to the firewall settings: Features -> Firewall -> IPv4 Rules
4) I select Turn IPv4 Filtering ON and DENY rules listed and click the SAVE button. The setting does NOT save and it reverts back to Turn IPv4 Filtering OFF
5) I click the Add Rule button and enter the following information:

a) Name: Hacker
b) Source IP address range: WAN address XXX.YYY.ZZZ.QQQ
c) Destination IP address range: LAN address range 1.1.1.1-255.255.255.255
d) Port Range: Any 1-65535
e) Schedule: "Always Enable"
f) Apply button

6) The new Hacker rule appears and the number of remaining rules changes to 23.
7) Changed the select from Turn IPv4 Filtering Off to Turn IPv4 Filtering ON and DENY rules listed
8) Clicked the SAVE button

The new rule is deleted, remaining rules reverts back to 24 and Turn IPv4 Filtering OFF is selected. Nothing is saved. I tried different combinations of changing the Select Turn IPv4 Filtering OFF, Turn IPv4 Filtering ON and DENY rules listed, Add Rules, etc none of these work. Any time you click the SAVE button everything is deleted and the select returns to Turn IPv4 Filtering OFF. None of the features work on this router.
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: FurryNutz on June 22, 2016, 07:38:14 AM
Can you try this with FF or IE11?

I'll have a look at this as well. There maybe a problem that needs to be reviewed by D-Link.  ::)

Thanks for the feed back.
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: Jason303 on June 22, 2016, 08:02:38 AM
Can you try this with FF or IE11?

I'll have a look at this as well. There maybe a problem that needs to be reviewed by D-Link.  ::)

Thanks for the feed back.

I tried the steps listed above with:

1) Google Chrome version 51.0.2704.103 m
2) Mozilla Firefox version 47.0
3) Internet Explorer version 11.0.9600.18349

The behavior is the same regardless of which internet browser is used. None of the IPv4 Rules work on this router.
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: FurryNutz on June 22, 2016, 08:11:29 AM
Great feed back. Thank you.

Just to confirm that the Build version of FW is 14?
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: Jason303 on June 23, 2016, 11:08:57 AM
Great feed back. Thank you.

Just to confirm that the Build version of FW is 14?

The D-Link router information is:

DIR-890L
HW: A1
FW: 1.09

From the D-Link webpage:  DIR-890L/R AC3200 Ultra Wi-Fi Router

http://support.dlink.com/ProductInfo.aspx?m=DIR-890L%2FR

Firmware: 1.09.B14 04/04/16 is the current released version which is what is running on the router.
Title: Re: How do I block all InBound traffic from a specific IP Address?
Post by: FurryNutz on July 26, 2016, 06:35:59 AM
Tracking this bud here:
http://forums.dlink.com/index.php?topic=61577.msg268853#msg268853 (http://forums.dlink.com/index.php?topic=61577.msg268853#msg268853)

Hope it will be fixed in next FW update. Please be patient.

Thank you.