I am trying to use my GL-iNet 4G smart router with a firewall. I want the users to access ONLY some specific websites. I tried the iptables rules below in the custom rules of the firewall settings, but it did not work. Has anyone tried this before?
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -d calicutnet.com --dport 80 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
Somehow this doesn't work. I am always bypassing the rule, i.e. I am able to access all the websites.
BTW, for testing I am using this as a repeater.
If you are putting these lines in the custom rules, then they are appended to the end of the chain.
Instead try just this single line:
iptables -I OUTPUT 1 -p tcp -d calicutnet.com --dport 80 -j ACCEPT
This will INSERT your new rule at the top of the chain.
ipset + iptables is your friend; it's easy to do. For example, you should replace dnsmasq with dnsmasq-full via opkg update && opkg remove dnsmasq && opkg install dnsmasq-full.
Create the file /tmp/dnsmasq.d/whiltelist.dns and add the lines:
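The ipset + dnsmasq-full approach outlined in the reply above, written up as an added example (not code from the thread or from GL-iNet): it assumes an OpenWrt-based GL-iNet router with dnsmasq-full and ipset installed, a set named allowed_sites, and a hypothetical config file /tmp/dnsmasq.d/whitelist.conf; client traffic is filtered in the FORWARD chain, which is the chain LAN-to-WAN packets actually traverse (INPUT/OUTPUT only see the router's own packets).

```shell
#!/bin/sh
# Whitelist-only browsing for router clients: dnsmasq-full adds every address it
# resolves for a whitelisted domain to an ipset, and FORWARD rules allow only
# destinations in that set. Added example; set and file names are assumptions.
# Set RUN=echo to print the commands instead of executing them.
RUN="${RUN:-}"
SET_NAME="${SET_NAME:-allowed_sites}"
DNSMASQ_DIR="${DNSMASQ_DIR:-/tmp/dnsmasq.d}"

# write_dnsmasq_whitelist FILE DOMAIN... : one "ipset=/domain/set" line per
# domain; dnsmasq then populates the set (subdomains included) on each lookup.
write_dnsmasq_whitelist() {
    file="$1"; shift
    : > "$file"
    for d in "$@"; do
        printf 'ipset=/%s/%s\n' "$d" "$SET_NAME" >> "$file"
    done
}

# apply_forward_rules : default-deny for forwarded (client) traffic. Rules are
# INSERTed at the top so they take precedence over the zone rules OpenWrt
# appends. Clients must use the router as resolver: addresses reached via an
# external DNS server or DoH never enter the set and are dropped by rule 3.
apply_forward_rules() {
    $RUN ipset create "$SET_NAME" hash:ip -exist
    $RUN iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -I FORWARD 2 -m set --match-set "$SET_NAME" dst -j ACCEPT
    $RUN iptables -I FORWARD 3 -j DROP
}

# Usage: sh whitelist.sh apply calicutnet.com example.org
if [ "${1:-}" = "apply" ]; then
    shift
    write_dnsmasq_whitelist "$DNSMASQ_DIR/whitelist.conf" "$@"
    $RUN /etc/init.d/dnsmasq restart
    apply_forward_rules
fi
```

Entries added by dnsmasq stay in the set until it is flushed or the router reboots, so removing a domain from the file does not revoke addresses already learned; flush the set (ipset flush allowed_sites) after editing the whitelist.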