Recently my Malwarebytes informed me one of my programs was trying to reach out to a questionable IP. First, I’m glad I have Malwarebytes installed; it’s free, but I purchased a three-pack lifetime subscription which gets you automatic updates rather than you having to manually update. I didn’t mind manually updating, but it’s situations like this which made me decide to donate to the cause.
Anyhow, while cleaning up the malware, I wanted to make sure nothing was being sent to that IP (which happened to be located in China. Big surprise there).
I have a wireless router running DD-WRT, which lets you add your own iptables rules. Under the “Administration” tab there is a “Commands” box: a rule you type there and launch with “Run Commands” takes effect immediately but only lasts until the next reboot, so you can test it safely. Once you are happy with it, enter it in the same box again and use “Save Firewall”; the saved commands are re-applied every time the firewall starts, including after a reboot.
So here are some key rules you can enter to block outgoing traffic. Note that -I inserts the new rule at the top of the chain, so it is evaluated before DD-WRT’s own rules rather than after them.
1) Block outgoing access to an IP without logging (replace the example IP below with an IP of choice). The FORWARD chain is the one that sees traffic from the computers on your LAN heading out through the router, which is what you want when the infected machine is a PC behind it:
iptables -I FORWARD -d 220.127.116.11 -j DROP
2) Block outgoing access to an IP *with* logging (replace the example IP below with an IP of choice). logdrop is not a standard iptables target; it is a chain DD-WRT’s firewall sets up that logs the packet and then drops it, so hits show up in the router’s log (if your build complains that the chain does not exist, use -j DROP as in #1). Use FORWARD here too: the OUTPUT chain only matches connections the router itself makes, so a rule there would not stop a PC on the LAN.
iptables -I FORWARD -d 18.104.22.168 -j logdrop
3) List the rules in the FORWARD chain, numbered, with packet and byte counters (replace FORWARD with any other chain name, such as OUTPUT, to list that chain instead):
*this is in case you made a mistake, or want to remove a rule you no longer need; the counters also tell you whether the rule has actually caught anything*
iptables -vnL FORWARD --line-numbers
4) Delete a rule from the FORWARD chain by number (replace X with the number shown in the listing from #3). The remaining rules are renumbered as soon as one is removed, so if you are deleting several, work from the highest number down or re-run the listing after each delete:
iptables -D FORWARD X
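Putting the four steps together, here is a complete script of the kind you would paste into the “Save Firewall” box. It is an added example written for this page, not code from the original post. It assumes the two placeholder IPs from the examples above (replace them with your own), that the logdrop chain exists on your build (change it to DROP otherwise), and it uses an IPT_DRY_RUN variable of my own so the script can be previewed on any machine without touching a firewall.

```sh
#!/bin/sh
# DD-WRT "Save Firewall" script: block a list of IPs for both LAN hosts (FORWARD)
# and the router's own traffic (OUTPUT), logging hits through DD-WRT's logdrop chain.
# Added example, not from the original post. Assumptions: the addresses in
# BLOCKED_IPS are placeholders (the post's example IPs) to be replaced, and the
# logdrop chain exists on the build; if it does not, change TARGET to DROP.
# Set IPT_DRY_RUN=1 to print the iptables commands instead of running them.

BLOCKED_IPS="220.127.116.11 18.104.22.168"   # placeholders; put your own addresses here
TARGET=logdrop                              # DD-WRT's log-then-drop chain; DROP to skip logging

# Succeed only if $1 is a well-formed dotted-quad IPv4 address (four octets, each 0-255).
# A typo here would otherwise make iptables reject the rule and silently leave the hole open.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, leading/trailing or doubled dots
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for oct in "$@"; do
        [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# Run iptables, or just print the command line when IPT_DRY_RUN=1.
ipt() {
    if [ "${IPT_DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Put "-d $2 -j $TARGET" at the top of chain $1. Any copies left by an earlier run are
# removed first, so the rule does not pile up every time the firewall restarts; the
# delete loop also works on older DD-WRT builds whose iptables lacks -C.
block_in_chain() {
    chain=$1; addr=$2
    if [ "${IPT_DRY_RUN:-0}" != "1" ]; then
        while iptables -D "$chain" -d "$addr" -j "$TARGET" 2>/dev/null; do :; done
    fi
    ipt -I "$chain" -d "$addr" -j "$TARGET"
}

# Apply the block list. FORWARD catches LAN machines going out through the router;
# OUTPUT catches connections the router itself makes (DNS lookups, NTP, update checks).
block_ips() {
    for addr in $BLOCKED_IPS; do
        if ! valid_ipv4 "$addr"; then
            echo "block_ips: skipping malformed address '$addr'" >&2
            continue
        fi
        block_in_chain FORWARD "$addr"
        block_in_chain OUTPUT  "$addr"
    done
}

# Apply for real only when running as root with iptables present (i.e. on the router);
# anywhere else just show what would be done.
if [ "$(id -u 2>/dev/null)" = "0" ] && command -v iptables >/dev/null 2>&1; then
    block_ips
else
    IPT_DRY_RUN=1 block_ips
fi
```

On the router, paste the whole thing into Administration → Commands and press “Save Firewall”; it re-applies itself at every firewall restart without stacking duplicate rules, and a mistyped address is skipped with a warning instead of being passed to iptables. On a desktop it only prints the four iptables lines it would run.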