OpenWrt Forum Archive

Topic: How to block udp traffic in nat (192.168.x.x address)

The content of this topic has been archived on 30 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I use WhiteRussian but I want to block UDP traffic in the router (because of abuse from the other router users). Specifically, I want to block UDP traffic coming from a certain IP address, for example 192.168.1.190 (all traffic, incoming and outbound, except the DNS traffic). I tried several iptables commands like

First, I tried to block all traffic (after I released DNS traffic):

iptables -A X -p udp -s 192.168.1.190 -j DROP


where X is INPUT or OUTPUT, prerouting_vlan1, prerouting_rule, etc.


But this does not work; I watched it through the iptraf program on the router (Linksys WRT54GL, uname -r: 2.4.30).

I want to know what I am doing wrong, or how I can write the rule that does what I want.

Thanks for your help.

I reply to myself, because nobody helped me:


I believe that this does what I want, but I'm not 100% sure:

###################### block the UDP traffic from all addresses except one (192.168.1.90), unless it goes to the DNS port
iptables -t nat -I postrouting_rule -p icmp -j DROP
iptables -t nat -I postrouting_rule -p udp --source ! 192.168.1.90 --dport ! 53 -j DROP

This is an extra:
###################### block the TCP traffic of a specific IP address on any port other than http, https, dns, dhcp
# the multiport match takes --dports/--sports; the single-port --dport/--sport belong to the tcp match
iptables -t nat -I postrouting_rule -p tcp --source 192.168.0.133 -m multiport --dports ! 80,443,53,68,67  -j DROP
iptables -t nat -I prerouting_rule -p tcp --destination 192.168.0.133 -m multiport --sports ! 80,443,53,68,67  -j DROP


I'm testing right now; if I find a mistake I will publish it.

Filtering in the nat table is a very bad idea. Not all packets pass through the nat POSTROUTING chain.
You have to filter in the FORWARD or OUTPUT chain of the filter table.
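As an added example (not code from the thread), here is the original goal done the way the reply recommends: filter-table rules in the chain FORWARD jumps to that drop UDP from or to one LAN host in both directions while DNS stays open. It assumes a WhiteRussian-style forwarding_rule chain hooked from FORWARD (set CHAIN=FORWARD otherwise) and a DRY_RUN switch of my own that prints the commands instead of running them; the host 192.168.1.190 is the one from the question.

```shell
#!/bin/sh
# Added example, not from the thread: filter-table rules that drop UDP
# from or to one LAN host except DNS, as the reply above recommends.
# LAN<->Internet traffic traverses FORWARD; packets addressed to the
# router itself would need matching rules in INPUT/OUTPUT instead.
IPT="${IPT:-iptables}"
# Assumption: WhiteRussian's firewall.user hooks forwarding_rule from FORWARD.
# Set CHAIN=FORWARD on a firewall without that helper chain.
CHAIN="${CHAIN:-forwarding_rule}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the commands instead of running them

# ipt ARGS...: run iptables, or echo the command in dry-run mode
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# block_udp_host HOST: insert at the top of $CHAIN so these rules win over
# any later ACCEPT rule; DNS (udp/53) stays open, all other UDP is dropped
block_udp_host() {
    host="$1"
    [ -n "$host" ] || { echo "usage: block_udp_host <lan-ip>" >&2; return 1; }
    # queries from HOST to udp/53 and the answers coming back to it
    ipt -I "$CHAIN" 1 -p udp -s "$host" --dport 53 -j ACCEPT
    ipt -I "$CHAIN" 2 -p udp -d "$host" --sport 53 -j ACCEPT
    # everything else UDP involving HOST, in both directions
    ipt -I "$CHAIN" 3 -p udp -s "$host" -j DROP
    ipt -I "$CHAIN" 4 -p udp -d "$host" -j DROP
}

# unblock_udp_host HOST: delete the same four rules (-D matches by rule spec)
unblock_udp_host() {
    host="$1"
    [ -n "$host" ] || return 1
    ipt -D "$CHAIN" -p udp -s "$host" --dport 53 -j ACCEPT
    ipt -D "$CHAIN" -p udp -d "$host" --sport 53 -j ACCEPT
    ipt -D "$CHAIN" -p udp -s "$host" -j DROP
    ipt -D "$CHAIN" -p udp -d "$host" -j DROP
}

# Apply to the host given on the command line, e.g. the thread's 192.168.1.190:
#   DRY_RUN=1 sh block-udp.sh 192.168.1.190    # preview the rules first
if [ -n "${1:-}" ]; then
    block_udp_host "$1"
fi
```

Preview with DRY_RUN=1 first, then check the result with `iptables -L forwarding_rule -n -v` and watch the DROP counters climb while the other UDP flows of that host stop.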

The discussion might have continued from here.