Whitelist with DD-WRT v3.0-r29660 std

venician
DD-WRT Novice


Joined: 24 May 2017
Posts: 4

Posted: Wed May 24, 2017 16:55    Post subject: Whitelist with DD-WRT v3.0-r29660 std
I have a Buffalo router and I am trying to implement a whitelist firewall script with version DD-WRT v3.0-r29660 std. I cannot get it to work despite following the instructions from earlier postings (using iptables, wanout etc). Here is how I proceed: I go to the Commands page and input a script that I found online with the Firewall Save button.

Is there anything additional that needs to be done (like enabling a certain service) before inputting the script?

Does anybody have a simple script that will work with this version of dd-wrt?

Thanks in advance.
h8red
DD-WRT Guru


Joined: 28 Jun 2011
Posts: 580
Location: Vilnius, Lithuania

Posted: Wed May 24, 2017 17:29    Post subject:
Look here starting with my post:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=306409&highlight=

_________________
[Ramips] Nexx WT3020F Openwrt @kernel #4.14.167 (OpenVPN server, Wireguard server, AD blocking, SQM QOS, USB)
venician
DD-WRT Novice


Joined: 24 May 2017
Posts: 4

Posted: Wed May 24, 2017 17:50    Post subject:
h8red, thank you very much for your reply. This is really my first day with dd-wrt and even though I tried, I cannot follow the steps that are described.

Could you please give me a simple script that blocks everything with the exception of www.yahoo.com and tell me where to insert it?

I tried the following:

iptables -N wanout
iptables -I FORWARD -i `nvram get lan_ifname` -j wanout
iptables -I wanout -d http://www.yahoo.com -j ACCEPT
iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable

and not only does it not work, but when I log on from a different location I don't even see it under Commands.

Can you please help?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

Posted: Thu May 25, 2017 7:17    Post subject:
iptables -I wanout -d http://www.yahoo.com -j ACCEPT


It does not work with a URL. Use host and port.

iptables -I wanout -p tcp -d www.yahoo.com --dport http -j ACCEPT
venician
DD-WRT Novice


Joined: 24 May 2017
Posts: 4

Posted: Thu May 25, 2017 10:40    Post subject:
Thank you very much, Per Yngve Berg. You mean to say that the rest of the code will remain the same and I should change only that. Right?
venician
DD-WRT Novice


Joined: 24 May 2017
Posts: 4

Posted: Sat May 27, 2017 0:18    Post subject:
Per Yngve Berg, thank you very much!! Your tip on getting rid of the URL part (http, https) etc. worked great.

Thanks!!!
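
Added example, not part of any post in this thread: a shell sketch that generalizes the fix discussed above by reducing each whitelist entry to a bare hostname and printing the wanout rule set for review before it is pasted into the Commands page. The helper names normalize_host and gen_whitelist are hypothetical, and covering TCP ports 80 and 443 is an assumption that goes beyond the single http rule in the thread.

```shell
#!/bin/sh
# Added example: prints a whitelist rule set as text; nothing is applied.
# normalize_host and gen_whitelist are hypothetical helper names.

# Reduce an entry such as "http://www.yahoo.com/news" to a bare hostname,
# because iptables -d takes a host or address, not a URL.
normalize_host() {
    h=${1#*://}      # drop the scheme (http://, https://)
    h=${h%%/*}       # drop any path
    h=${h%%:*}       # drop any :port
    case $h in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;   # empty or unexpected characters
    esac
    printf '%s\n' "$h"
}

# Print the firewall script for the given entries.
# Assumption: LAN clients use the router itself for DNS; that traffic goes
# through INPUT, not FORWARD, so no DNS rule is emitted here.
gen_whitelist() {
    seen=""
    echo 'iptables -N wanout'
    echo 'iptables -I FORWARD -i `nvram get lan_ifname` -j wanout'
    for entry in "$@"; do
        host=$(normalize_host "$entry") || {
            echo "skipped an invalid entry" >&2
            continue
        }
        # Emit each host once even if it was listed with several schemes.
        case " $seen " in *" $host "*) continue ;; esac
        seen="$seen $host"
        for port in 80 443; do
            echo "iptables -A wanout -p tcp -d $host --dport $port -j ACCEPT"
        done
    done
    # Everything not accepted above is rejected, as in the thread's script.
    echo 'iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable'
}

# Constructed sample input: two URL forms of one host and one malformed entry.
gen_whitelist http://www.yahoo.com https://www.yahoo.com/news 'bad host;reboot'
```

iptables resolves a hostname given to -d once, when the rule is inserted, so a site whose addresses change needs the rules reloaded.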