Hi All,
I suspect that I am missing something simple but have been stuck and searching through similar threads has helped me solve my issue.
-Using an AC86U with Merlin 386.2.
What I want to do: use iptables to have the same effect as the URLfilter feature in the Firewall section. (Ultimate goal is to have it by MAC and/or time of day restrictions, but I am just trying the basics)
First, I want to confirm urlfilter works, and want to block access to discord, so I enable urlfilter for "discord":
- Once enabled the blocking works as expected, it even blocks the app. Great! (Except I cannot have it for specific clients or on a schedule)
- With the urlfilter enabled, I run "iptables -S" and I can see 3 rules were added:
Code:
-A INPUT -d 192.168.1.1/32 -i br0 -p udp -m udp --dport 53 -m string --string "discord" --algo bm --to 65535 --icase -j DROP
-A FORWARD -i br0 -p udp -m udp --dport 53 -m string --string "discord" --algo bm --to 65535 --icase -j DROP
-A FORWARD -p tcp -m webstr --url discord -j REJECT --reject-with tcp-reset
In my test, I thought I could take these 3 rules and add them myself. First I turn off the urlfilter then add the following rules:
In theory I should have the same effect as enabling urlfilter, correct?
Code:
iptables -I INPUT -d 192.168.1.1/32 -i br0 -p udp -m udp --dport 53 -m string --string "discord" --algo bm --to 65535 --icase -j DROP
iptables -I FORWARD -i br0 -p udp -m udp --dport 53 -m string --string "discord" --algo bm --to 65535 --icase -j DROP
iptables -I FORWARD -p tcp -m webstr --url discord -j REJECT --reject-with tcp-reset
After entering, I check to see the rules show (iptables -S) and they do, however it doesn't get blocked as before.
All clients can access discord.com and the app also works.
Either I am missing something, or urlfilter is doing something else that I cannot figure out?
I am not sure how to troubleshoot this further, any thoughts?
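A troubleshooting aid for the question above, added here as an example and not part of the original post: `iptables -S` lists only the filter table, so comparing full `iptables-save` dumps taken with urlfilter enabled and with the manual rules shows any rule that differs in any table. The sample dumps are constructed, and `PLACEHOLDER_CHAIN` is a made-up name that says nothing about what the firmware actually adds.

```shell
#!/bin/sh
# Added example: compare two iptables-save dumps rule by rule, across all tables.
# On the router the dumps would come from running iptables-save > FILE in each state.

# Print every rule of a dump as "table: rule", without packet counters, sorted.
normalize_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }     # "*filter" -> "filter"
               { sub(/^\[[0-9]+:[0-9]+\] /, "") }   # drop "[pkts:bytes] " (-c dumps)
        /^-A / { print table ": " $0 }
    ' "$1" | sort
}

# Print rules present in dump $1 but missing from dump $2 (rule order is ignored).
rules_only_in() {
    a=$(mktemp) b=$(mktemp)
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    grep -Fxv -f "$b" "$a" || true
    rm -f "$a" "$b"
}

# Constructed sample dumps, not captured from a router.
# $1 = "feature enabled" dump, $2 = "manual rules" dump.
write_samples() {
    cat > "$1" <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
[12:840] -A PREROUTING -i br0 -j PLACEHOLDER_CHAIN
COMMIT
*filter
:FORWARD ACCEPT [0:0]
[3:180] -A FORWARD -i br0 -p udp -m udp --dport 53 -m string --string "discord" --algo bm --to 65535 --icase -j DROP
[0:0] -A FORWARD -p tcp -m webstr --url discord -j REJECT --reject-with tcp-reset
COMMIT
EOF
    cat > "$2" <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m webstr --url discord -j REJECT --reject-with tcp-reset
-A FORWARD -i br0 -p udp -m udp --dport 53 -m string --string "discord" --algo bm --to 65535 --icase -j DROP
COMMIT
EOF
}

# Usage: sh script.sh enabled-dump manual-dump
if [ "$#" -eq 2 ]; then rules_only_in "$1" "$2"; fi
```

Because the comparison ignores rule order within a chain, a clean result still leaves rule position to be checked by reading the chain listing.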