I am not trained in Linux. I think I found the solution to my documented problem, but it does not work as expected. I am NOT an iptables guru; I am learning on the go.
A Russian IP is trying to hack my network, especially an email server that I have on my network. So I have a forward port of port 25 to the mail server machine. My router runs TomatoUSB, a Linux-based router that I have root ssh access to.
I tried this command:
iptables -I INPUT -s 188.8.131.52 -j DROP
iptables -L -nv
returns many things, and now at the beginning it looks like this:
Chain INPUT (policy DROP 9 packets, 504 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       184.108.40.206       0.0.0.0/0
However, this did not stop the traffic, since my email server still reports connection attempts from this IP address, so the rule does not drop anything.
Maybe the INPUT chain is not where I need to add this? I am not yet educated in the different chains. INPUT intuitively seemed the right place, but because this is a NAT router, should I really have some kind of rule in the FORWARD chain that says not to forward to anyone if this is the source address?
It seems that what I want to do should not be difficult, but I am struggling to solve this so far.
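The following script is an added example and is not part of the original post or of TomatoUSB. It assumes the usual layout the post describes: port 25 is forwarded to the mail host by a DNAT rule in the nat table, so the redirected SMTP connections are routed through the router rather than to it, which means they traverse the FORWARD chain and never reach INPUT. The DROP therefore has to be inserted at the top of FORWARD (ahead of whatever ACCEPT the port-forward created), and INPUT only needs it for traffic aimed at the router itself. The address 203.0.113.5 is a constructed placeholder, not the address from the post; DRY_RUN is a hypothetical switch added here so the commands can be reviewed before touching a live router.

```shell
#!/bin/sh
# Added example: block one source address on a NAT router that DNATs port 25
# to an internal mail host. Forwarded (DNATed) traffic goes through FORWARD,
# not INPUT, so that is where the DROP must live. Run with DRY_RUN=1 to print
# the iptables commands instead of executing them.

DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept a dotted-quad IPv4 address, optionally with a /prefix length.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Insert "DROP from $2" at position 1 of chain $1 unless it already exists,
# so re-running the script does not pile up duplicate rules.
block_in_chain() {
    chain="$1"
    ip="$2"
    if [ "$DRY_RUN" != "1" ] && iptables -C "$chain" -s "$ip" -j DROP 2>/dev/null; then
        return 0
    fi
    run iptables -I "$chain" 1 -s "$ip" -j DROP
}

# Block the address in FORWARD (covers the DNATed port-25 connections) and in
# INPUT (covers anything addressed to the router itself, e.g. its SSH port).
block_source() {
    ip="$1"
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    block_in_chain FORWARD "$ip"
    block_in_chain INPUT "$ip"
}

# Usage: sh block-source.sh 203.0.113.5   (placeholder address, not the post's)
if [ -n "$1" ]; then
    block_source "$1"
fi
```

After applying the rules, `iptables -L FORWARD -nv` should show the pkts/bytes counters of the new FORWARD rule increasing while the mail server's log goes quiet for that address; a rule whose counters stay at zero is in the wrong chain or below the rule that accepts the forwarded traffic. Rules added from the shell on TomatoUSB typically do not survive a firewall restart unless they are also placed in the router's firewall startup script.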