Hey guys.. I just updated the firmware of a Linksys router to a hacked one. And I can use iptables to add blocking rules to my network, but the router lacks the feature to block a pc's total internet access save a few domains. So, basically, what I want to do is to block internet access totally to 1 pc except for 2 domain names.. I'm just a newbie at iptables, so could anyone give me a lead ?

$INTIF = eth0

# Flush the chains
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD

#drop all traffic
$IPTABLES -A INPUT -i $INTIF -p tcp -j drop
$IPTABLES -A INPUT -i $INTIF -p udp -j drop
$IPTABLES -A INPUT -i $INTIF -p tcp -j drop

# Allow your 2 destinations
$IPTABLES -A INPUT -i $EXTIF -s 0.0.0.0 -d www.site1.com -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s 0.0.0.0 -d www.site1.com -j ACCEPT


Although I'm not sure you can allow based on a DNS name. I tried to block using a DNS entry, and it wasn't quite succussful. What I've typed would have to be running on the machine you want to restrict