iptables - create a rule to filter URL and schedule it with cron


wooolf
Dear All,

I want to manage my time more efficiently, so I want to create a simple rule to block a specific domain, netflix.com for example.
After that I want to create a schedule to disable the rule in a selected time range.
In the first place I tried to create a rule at least, and I did this in two different ways.
  1. Added a rule manually. Steps:
    1. Create and add rule
      Code:
      iptables -I FORWARD -p tcp -m webstr --url netflix.com -j REJECT --reject-with tcp-reset
      iptables -I FORWARD -i br0 -p udp -m udp --dport 53 -m string --string "netflix.com" --algo bm --to 65535 --icase -j DROP
      iptables -I INPUT -i br0 -p udp -m udp --dport 53 -m string --string "netflix.com" --algo bm --to 65535 --icase -j DROP
    2. Check access - netflix is still available
  2. Added a rule via GUI (Firewall - URL Filter) and exported the iptables config.
    1. Export iptables config before adding any rule (to have clear config)
      Code:
      iptables-save > open_url.txt
    2. Added rule
      [screenshot: 1630306245484.png]
    3. Checked access - netflix is blocked
    4. Export iptables config (to have config with blocked url)
      Code:
      iptables-save > blocked_url.txt
    5. Import open_url.txt
      Code:
      iptables-restore < open_url.txt
    6. Check access - netflix is open
    7. Import blocked_url.txt
      Code:
      iptables-restore < blocked_url.txt
      ERROR
      [screenshot: 1630306618641.png]
I assume that the last error is because ASUS creates this blacklist somewhere, which is of course not a part of the iptables config.
[screenshot: 1630306715542.png]


Best regards
 
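Putting the two halves of the question together (the three rules from step 1 and the cron schedule), here is an added example that is not code from the thread or from the Asus firmware: a small script that inserts or deletes those rules for one domain idempotently, so it can be called from cron in the morning and again in the evening. The script path /jffs/scripts/netblock.sh, the Asuswrt `cru` cron helper, and the `DRY_RUN` switch are assumptions; the rule bodies are the ones from the post.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Asus firmware.
# Inserts or removes the three rules from the original post for one domain
# and is meant to be called from cron ("block" in the morning, "unblock" in
# the evening). Assumptions: the webstr and string matches are present (the
# post's own rules need them), the script lives at /jffs/scripts/netblock.sh,
# and the Asuswrt "cru" cron helper exists.
IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-}"   # set to a non-empty value to print instead of apply

# apply -I|-D <rule spec>: insert only if the rule is absent, delete only if
# it is present (-C checks for an identical rule), so a cron job that fires
# twice does not stack duplicate rules or fail on a rule that is already gone.
apply() {
    verb="$1"; shift
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $verb $*"
        return 0
    fi
    if "$IPT" -C "$@" 2>/dev/null; then
        if [ "$verb" = "-D" ]; then "$IPT" -D "$@"; fi
    else
        if [ "$verb" = "-I" ]; then "$IPT" -I "$@"; fi
    fi
}

# The three rules from the post, parameterised by domain. The two port-53
# rules only see plaintext DNS queries: answers already cached on the client,
# or DNS carried over TLS/HTTPS, are not affected by them.
set_domain() {
    verb="$1"; domain="$2"
    apply "$verb" FORWARD -p tcp -m webstr --url "$domain" -j REJECT --reject-with tcp-reset
    apply "$verb" FORWARD -i br0 -p udp -m udp --dport 53 -m string --string "$domain" --algo bm --to 65535 --icase -j DROP
    apply "$verb" INPUT -i br0 -p udp -m udp --dport 53 -m string --string "$domain" --algo bm --to 65535 --icase -j DROP
}
block_domain()   { set_domain -I "$1"; }
unblock_domain() { set_domain -D "$1"; }

# Schedule (assumed cru syntax): blocked 09:00-18:00 on weekdays.
#   cru a netblock_on  "0 9  * * 1-5 /jffs/scripts/netblock.sh block netflix.com"
#   cru a netblock_off "0 18 * * 1-5 /jffs/scripts/netblock.sh unblock netflix.com"

case "${1:-}" in
    block)   block_domain "$2" ;;
    unblock) unblock_domain "$2" ;;
esac
```

Run it once by hand with `DRY_RUN=1 sh netblock.sh block netflix.com` to see exactly which iptables commands it would issue before letting cron call it; the `-C` check is what makes it safe to schedule repeatedly.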
It’s an Asus iptables-save bug that was fixed in Merlin firmware a couple years ago.
 
It's strange because I don't have such old firmware. RT-AX88U is also not such old hardware.
However I don't have the latest firmware version, so I can update it and then retest iptables-save.
 
It's strange because I don't have such old firmware. RT-AX88U is also not such old hardware.
However I don't have the latest firmware version, so I can update it and then retest iptables-save.
I don’t think they really planned on users using iptables-save, so it’s an uncommon situation on stock firmware.
 
Maybe someone knows how to deal with such a situation in a different way?
You can edit the blocked_url.txt file to correct the error in the iptables-save output. The original -m webstr --url will incorrectly look like -m webstr--webstr.

Post the actual line in the file if you can’t get it to work.
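To act on the advice above, here is an added example (not code from the thread) that repairs the mangled match in an iptables-save dump before iptables-restore reads it. The exact shape of the broken line is assumed from the reply's description, and both sample lines are constructed; the file names are the ones from the original post.

```shell
#!/bin/sh
# Added example, not from the thread. Repairs the webstr match that the reply
# above says iptables-save writes as "-m webstr--webstr" instead of
# "-m webstr --url", so the dump can be fed back to iptables-restore.

# Filter stdin to stdout; lines that are already correct pass through unchanged.
fix_webstr() {
    sed 's/-m webstr--webstr /-m webstr --url /g'
}

# Repair a single line (handy for checking one saved rule at a time).
repair_line() {
    printf '%s\n' "$1" | fix_webstr
}

# Constructed samples: the broken form is assumed from the reply's
# description, not copied from a real dump.
SAMPLE_BROKEN='-A FORWARD -p tcp -m webstr--webstr netflix.com -j REJECT --reject-with tcp-reset'
SAMPLE_OK='-A FORWARD -i br0 -p udp -m udp --dport 53 -m string --string "netflix.com" --algo bm --to 65535 --icase -j DROP'

# Typical use on the router (file names from the post):
#   fix_webstr < blocked_url.txt > blocked_url.fixed.txt
#   iptables-restore --test < blocked_url.fixed.txt   # parse only, commit nothing
#   iptables-restore < blocked_url.fixed.txt
```

Running `diff open_url.txt blocked_url.fixed.txt` afterwards is a quick way to confirm that the only difference between the two dumps is the URL-filter rule you expect, and nothing the GUI added elsewhere.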
 
