Here are the scripts I use to enable and block internet access for some clients. It logs the script start and end time and outputs the iptables -L to the cronlog file.
Code:
#!/bin/sh
echo "********************PC-Lab_Naomi_on script run START at `date`" >> /tmp/cron.d/cronlog
# delete the DROP rule that blocks connections from PC Lab
iptables -D FORWARD -s 192.168.2.218 -j DROP
# delete the DROP rule that blocks connections from Naomi Laptop
iptables -D FORWARD -s 192.168.2.232 -j DROP
iptables -L FORWARD >> /tmp/cron.d/cronlog
echo "********************PC-Lab_Naomi_on script END run at `date`" >> /tmp/cron.d/cronlog
Code:
#!/bin/sh
echo "********************PC-Lab_Naomi_off script run START at `date`" >> /tmp/cron.d/cronlog
# Block an incoming connection from PC Lab
iptables -I FORWARD -s 192.168.2.218 -j DROP
# Block an incoming connection from Naomi Laptop
iptables -I FORWARD -s 192.168.2.232 -j DROP
iptables -L FORWARD | grep DROP >> /tmp/cron.d/cronlog
echo "********************PC-Lab_Naomi_off script END run at `date`" >> /tmp/cron.d/cronlog
Do you want to route certain traffic or devices through the VPN tunnel? I know how to do this on Asus Merlin wrt. I am more active on that forum now, snbforum.com. There is a member there who is a guru on this topic whom I may be able to ask if I cannot help. Please elaborate on your use case.
I like to block some IP addresses or MAC addresses.
And here only some ports. One example:
One user comes over OpenVPN to the LAN and needs this connection to play games, like LOL.
Now I like to block the ports for this game.
Means: Ports 27000-27050, Ports 8393-8400, Ports 5222-5223, Port 3478 and 8088. Both ... TCP and UDP.
Either OpenVPN or access restrictions. Both together don't go.
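An example added here, not posted by anyone in the thread, that combines the cron on/off scripts from the first post with the per-port blocking asked about in this post. The host address, the log path and iptables support for -C and multiport are assumptions.

```shell
#!/bin/sh
# Added example (not from this thread): on/off script for one host that drops
# only the game ports listed above, TCP and UDP. "-C" is checked before "-I" so
# a cron job that fires twice never stacks duplicate DROP rules that one "-D"
# would leave behind. Assumes POSIX sh, iptables >= 1.4.11 (-C, multiport) and
# HOST = the client's LAN or OpenVPN tunnel address.

IPT="${IPT:-iptables}"
LOG="${LOG:-/tmp/cron.d/cronlog}"
# Ports from the game example above, in multiport syntax (8 of the 15 slots).
GAME_PORTS="27000:27050,8393:8400,5222:5223,3478,8088"

# rule_args HOST PROTO: the match part shared by -C, -I and -D.
rule_args() {
    echo "FORWARD -s $1 -p $2 -m multiport --dports $GAME_PORTS -j DROP"
}

# block HOST: insert the TCP and UDP rules only if they are not present yet.
# $(...) is deliberately unquoted so the string splits into iptables arguments.
block() {
    for proto in tcp udp; do
        if ! $IPT -C $(rule_args "$1" "$proto") 2>/dev/null; then
            $IPT -I $(rule_args "$1" "$proto")
        fi
    done
}

# unblock HOST: delete every copy of each rule (cap of 20 guards against looping).
unblock() {
    for proto in tcp udp; do
        n=0
        while [ "$n" -lt 20 ] && $IPT -C $(rule_args "$1" "$proto") 2>/dev/null; do
            $IPT -D $(rule_args "$1" "$proto")
            n=$((n + 1))
        done
    done
}

# Usage: script.sh on|off HOST   (e.g. from cron: "0 21 * * * script.sh off 192.168.2.218")
if [ "$#" -eq 2 ]; then
    echo "**** game ports $1 for $2 START at $(date)" >> "$LOG"
    case "$1" in
        off) block "$2" ;;
        on)  unblock "$2" ;;
        *)   echo "usage: $0 on|off HOST" >&2; exit 1 ;;
    esac
    $IPT -L FORWARD -n | grep DROP >> "$LOG"
    echo "**** game ports $1 for $2 END at $(date)" >> "$LOG"
fi
```

With "-n" the logged rule listing skips DNS lookups, so a cron run on the router does not stall when the WAN is down.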
This is an excellent guide, especially for me. I'm an absolute noob. Thank you very much mikimik for such a detailed explanation. Thanks to this I was able to achieve some success.
On my Lynksys EA8500 I have only dd-wrt v3.0-38065 kongat and nothing more - no openvpn or something else. I used two "on" and "off" scripts as described here but had a known problem with access restriction for new connections.
Then I decided to go with eibgrad's method, but have my noob problem. I switched off cron, put the new script into the command window and Saved Startup. Then I applied the GUI access restriction as I want. What I cannot understand is what the lan2wan.sh file is and where it should be placed on my router (if it should be).
What I found this morning is my little son restarted the router and plays on his computer as usual. Have no idea what to do now. I had 3 rules in the GUI for him when WAN is allowed - during morning hours 11:00-14:30 (remote schooling due to the corona virus) and in the evening for a little playing and communication with friends 19:00-21:00. I will be very grateful for any help and idea. Thanks.