Hi everyone !

My setup:
Sagecom Fast 5250.
This router is from Virgin Internet (bell).

I'm having TCP traffic on port 80. It's open
on purpose. nat redirection to my web server
lubuntu.

I was checking access.log and webalyzer. and I didn't like it.
So I've done some research about ipset and iptables. Decide to
ban subnet from russia, china, north korea... etc.

The problem is I still see traffic from them but with error 302.
To make sure the iptables rules was working, I used Tor browser
and force it to exit out from Russia and yes, it working ... almost.

The question is why, if I drop traffic using my ban rules I still see
traffic in access.log . In the first place, is it suppose to not let them in ?

And the juicy...
I can access my router port 22 as the owner of the Virgin contract and
I found that I could do a "login" in the ssh shell as root.
Then I created /home/<myuser>.
I can write file in there and change permission and I even have access
to /usr/bin/iptables which is completely normal to exist in busybox.

Would it be more accurate/logic to create my ban rules in my router ?
that would be fantastic.

Thanks and regard
smarch291
longueuil, qc
canada