  1. #1

    Block all websites for most PCs, and Whitelists some PCs???


    Hello all...

    So a little bit of context. I have been racking my brains trying to get this working and have been very unsuccessful. I am trying to get this working using iptables in a DD-WRT environment. I know this forum isn't specifically for DD-WRT, but since we are talking about Linux commands, I am hoping it is transferable.

    Basically, by default, I am trying to block ALL PCs access to all of the internet except 3 sites (Google, Yahoo, and DD-WRT). I have one PC that I listed by MAC address that I want to have full unrestricted access.

    This is what I am using (saving it under FIREWALL commands) and it doesn't seem to be working:

    Code:
    # Set up the chain
    iptables -N wanout
    iptables -I FORWARD -i `nvram get lan_ifname` -j wanout

    # Exempt Machine MAC
    iptables -I wanout -m mac --mac-source 00:30:18:A9:A9:C6 -j ACCEPT

    # Allow everyone access to these sites (DNS lookup only happens once when rule is inserted and stays that single IP)
    iptables -I wanout -d website1 -j ACCEPT
    iptables -I wanout -d website2 -j ACCEPT
    iptables -I wanout -d website3 -j ACCEPT

    # Everything else gets blocked
    iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable

  2. #2
    I reduced my code to this and cannot get my exempted PC to communicate. Any help would be appreciated.

    Code:
    # Set up the chain
    iptables -N wanout
    iptables -I FORWARD -i `nvram get lan_ifname` -j wanout

    # Exempt Machine MAC
    iptables -I wanout -m mac --mac-source 00:30:18:A9:A9:C6 -j ACCEPT

    # Everything else gets blocked
    iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable

  3. #3
    I want to post my final DD-WRT settings for anyone who may read this thread later.

    Since MAC-based rules don't seem to work on this build, DD-WRT v24-sp2 (05/27/13) mini (SVN revision 21676), I had to use IP-based exceptions in order to make it work the way I want. That said, I gave the machines that I wanted to exempt static DHCP-assigned IP addresses.

    Here is the code that I used:

    Code:
    # Set up the chain
    iptables -N wanout
    iptables -I FORWARD -i `nvram get lan_ifname` -j wanout

    # Exempt Machine IP (static DHCP lease; this rule must be active for the exemption to apply)
    iptables -I wanout -s 192.168.1.2 -j ACCEPT

    # Allow everyone access to these sites (DNS lookup only happens once when rule is inserted and stays that single IP)
    iptables -I wanout -d site1allowed.com -j ACCEPT
    iptables -I wanout -d site2allowed.com -j ACCEPT
    iptables -I wanout -d site3allowed.com -j ACCEPT
    iptables -I wanout -d site4allowed.com -j ACCEPT

    # Everything else gets blocked
    iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable
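A re-runnable version of the allowlist chain from this thread, added here as an example and not part of the original posts. It assumes the LAN bridge name comes from `nvram get lan_ifname` (falling back to br0 when nvram is unavailable), exempt hosts are identified by static DHCP IP as in post #3, and the sample addresses are constructed; IPT defaults to a dry run that only prints the commands.

```sh
#!/bin/sh
# Re-runnable version of the thread's allowlist chain (added example, not the
# poster's script). Assumptions: LAN bridge from `nvram get lan_ifname` (falls
# back to br0 when nvram is unavailable); exempt hosts identified by static
# DHCP IP; allowed destinations given as IPv4 addresses/CIDRs. Sample values
# below are constructed. IPT defaults to a dry run that prints the commands;
# set IPT=iptables (as root on the router) to apply them.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-$(nvram get lan_ifname 2>/dev/null || echo br0)}"

# Drop any earlier copy of the chain so a firewall restart never stacks
# duplicate rules (the thread's script fails on -N the second time it runs).
teardown_chain() {
    $IPT -D FORWARD -i "$LAN_IF" -j wanout 2>/dev/null || true
    $IPT -F wanout 2>/dev/null || true
    $IPT -X wanout 2>/dev/null || true
}

# $1: space-separated exempt source IPs; $2: space-separated allowed destinations.
# Rules are appended in order, so the list reads top to bottom the way the
# kernel evaluates it, and the chain is hooked into FORWARD only once complete.
build_rules() {
    exempt_ips="$1"
    allowed_dsts="$2"
    $IPT -N wanout
    for ip in $exempt_ips; do
        $IPT -A wanout -s "$ip" -j ACCEPT
    done
    # -d with a hostname is resolved once at insert time (one rule per address
    # returned); sites served from many rotating addresses are only partly
    # covered, so prefer fixed addresses or re-run this script on a schedule.
    for dst in $allowed_dsts; do
        $IPT -A wanout -d "$dst" -j ACCEPT
    done
    $IPT -A wanout -j REJECT --reject-with icmp-proto-unreachable
    $IPT -I FORWARD -i "$LAN_IF" -j wanout
}

# Constructed sample: one exempt PC, two permitted destinations (RFC 5737 ranges).
teardown_chain
build_rules "192.168.1.2" "203.0.113.10 198.51.100.0/24"
```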
