LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-13-2013, 12:40 PM   #1
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Rep: Reputation: 15
Block all websites for most PCs, and Whitelists some PCs???


Hello all...

So a little bit of context. I have been wracking my brains trying to get this working and have been very unsuccessful. I am trying to get this working using IPTables in a DD-WRT environment. I know this forum isn't specifically for DD-WRT, but since we are talking about Linux commands, I am hoping it is transferable.

Basically, by default, I am trying to block ALL PCs access to all of the internet except 3 sites (Google, Yahoo, and DD-WRT). I have one PC that I listed by MAC address that I want to have full unrestricted access.

This is what I am using (saving it under FIREWALL commands) and it doesn't seem to be working:

Code:
# Set up the chain 
iptables -N wanout 
iptables -I FORWARD -i `nvram get lan_ifname` -j wanout 

# Exempt Machine MAC 
iptables -I wanout -m mac --mac-source 00:30:18:A9:A9:C6 -j ACCEPT 

# Allow everyone access to these sites (DNS lookup only happens once when rule is inserted and stays that single IP) 
iptables -I wanout -d website1 -j ACCEPT 
iptables -I wanout -d website2 -j ACCEPT 
iptables -I wanout -d website3 -j ACCEPT 

# Everything else gets blocked 
iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable
 
Old 09-13-2013, 03:07 PM   #2
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
I reduced my code to this and cannot get my exempted PC to communicate. Any help would be appreciated.

Code:
# Set up the chain 
iptables -N wanout 
iptables -I FORWARD -i `nvram get lan_ifname` -j wanout 

# Exempt Machine MAC 
iptables -I wanout -m mac --mac-source 00:30:18:A9:A9:C6 -j ACCEPT 

# Everything else gets blocked 
iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable
 
Old 09-18-2013, 07:31 PM   #3
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Original Poster
Rep: Reputation: 15
I want to post my final DD-WRT settings for anyone that may read this thread later.

Since MAC based rules don't seem to work on this code DD-WRT v24-sp2 (05/27/13) mini (SVN revision 21676), I had to use IP based exceptions in order to make work the way I want. So that said, I added the machines that I wanted to exempt to have static DHCP assigned IP addresses.

Here is the code that I used:

Code:
# IP Tables White Listing script by phuzi0n -Tek @ DD-WRT Forum :: View topic - White List
# Version 1.1 for older chipsets and/or experimental firmware builds. Please freeze this version. GeeTek.
# URL for this Wiki Page Blocking URLs/IPs - DD-WRT Wiki

# Set up the chain 
iptables -N wanout 
iptables -I FORWARD -i `nvram get lan_ifname` -j wanout 

# Exempt Machine IP
#iptables -I wanout -s 192.168.1.2 -j ACCEPT

# Allow everyone access to these sites (DNS lookup only happens once when rule is inserted and stays that single IP)
iptables -I wanout -d site1allowed.com -j ACCEPT
iptables -I wanout -d site2allowed.com -j ACCEPT
iptables -I wanout -d site3allowed.com -j ACCEPT 
iptables -I wanout -d site4allowed.com -j ACCEPT 

# Everything else gets blocked
iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
PCs can not see together in networking finditsol Linux - Networking 1 08-29-2009 04:19 AM
Not Able to Block Sites On Windows PCs rajesh.bahl Linux - Server 1 03-10-2009 12:11 PM
Best use for several older PCs? robogymnast Linux - General 8 08-14-2008 08:23 AM
Backup with two pcs rmdnet Linux - General 4 10-15-2004 03:25 AM
Tablet PCs unmadindu Linux - Hardware 4 01-21-2003 06:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration