
I'm trying to block all websites but one with DD-WRT on a Linksys router. I am currently using this script:

iptables -I FORWARD 1 -p tcp -d dd-wrt.com --dport 80 -j ACCEPT
iptables -I FORWARD 2 -p tcp --dport 80 -j DROP

But this does not seem to work, as it is blocking access via HTTP to dd-wrt.com as well. Any help?

1 Answer


Make sure you're allowing the return traffic. At the moment it looks like traffic is probably getting out, but responses are not being allowed:

iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
James Yale
  • I tried adding that to the end of my script, and I can't get it to work now either. Here is the whole script: http://pastebin.com/6jjwws9y – Kaizokupuffball May 08 '12 at 08:56
  • Are you talking about allowing the router itself to talk to the web page or machines behind it? Because if you mean machines behind it, there's no rule to allow the packets that establish the connection in the first place into the router. – David Schwartz May 08 '12 at 09:07
  • I'm talking about letting the computers have access to only a few websites (see the IP addresses) via port 80 & 443. The computers should NOT have access to e.g. google.com or bing.com – Kaizokupuffball May 08 '12 at 09:10
  • In the question you've used the FORWARD chain, whereas in your paste you're using the INPUT chain - you need to use the FORWARD chain for routed packets. Additionally, your pasted configuration has all the rules specifying source addresses, not destination addresses. – James Yale May 08 '12 at 11:01
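Putting the points from the answer and the comments together (FORWARD chain for traffic routed through the router, match on destination rather than source, cover 443 as well as 80, and let replies back through), here is an added example that is not part of the original question or answer. It is a POSIX sh script of the kind that can be pasted into the DD-WRT firewall script; it prints the iptables commands instead of running them so they can be reviewed before being applied with `gen_rules ... | sh` on the router. The addresses 203.0.113.10 and 203.0.113.11 and the chain name WEB_WHITELIST are assumptions for the example, not dd-wrt.com's real addresses. Note that a hostname in `-d` is resolved once when the rule is inserted, so a site whose addresses change (or that sits behind a CDN) will silently stop matching; pinning the resolved addresses yourself makes that explicit.

```shell
#!/bin/sh
# Added example, not from the original post: generate iptables rules that
# restrict forwarded HTTP/HTTPS from the LAN to a whitelist of destination IPs.
# Written for busybox ash on DD-WRT, so no bash-only syntax is used.

ALLOWED_DESTS="203.0.113.10 203.0.113.11"   # constructed placeholder addresses
WEB_PORTS="80,443"                           # HTTP and HTTPS
CHAIN="WEB_WHITELIST"                        # hypothetical custom chain name

# gen_rules ALLOWED_IPS
# Writes the iptables commands to stdout, one per line, in the order they
# must be applied. Nothing is executed here; pipe the output to sh to apply.
gen_rules() {
    allowed="$1"

    # A dedicated chain is created once and flushed on every run, so re-running
    # the firewall script does not stack duplicate whitelist rules.
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN"

    # Replies to connections that were already permitted must be able to pass
    # back through the router (the return-traffic point made in the answer).
    echo "iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Only NEW TCP connections to web ports that are being routed through the
    # box are sent to the whitelist chain. Delete any earlier copy of the jump
    # first so the rule is not duplicated when the script runs again.
    jump="-p tcp -m multiport --dports $WEB_PORTS -m state --state NEW -j $CHAIN"
    echo "iptables -D FORWARD $jump 2>/dev/null"
    echo "iptables -I FORWARD 2 $jump"

    # A "sites the LAN may reach" policy keys on the destination (-d); matching
    # on the source (-s) would restrict who may browse, not where they may go.
    for ip in $allowed; do
        echo "iptables -A $CHAIN -d $ip -j ACCEPT"
    done

    # Anything else on 80/443 is refused. REJECT with a TCP reset gives the
    # browser an immediate error instead of a connection that hangs until it
    # times out, which makes the policy easier to verify from a client.
    echo "iptables -A $CHAIN -j REJECT --reject-with tcp-reset"
}

# Print the rule set for the addresses configured above.
gen_rules "$ALLOWED_DESTS"
```

To check the result on the router after applying it, `iptables -L FORWARD -n --line-numbers` should show the ESTABLISHED,RELATED rule at position 1 and the jump to WEB_WHITELIST at position 2, ahead of DD-WRT's own rules; a client on the LAN should then reach the whitelisted addresses and get an immediate connection refused from any other site on 80 or 443.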