Posted: Sun Aug 19, 2018 1:22 Post subject: Enable / Disable WAN Access Using List Of MAC Addresses
I would like to disable WAN access for specified devices using shell or GUI commands on my Buffalo WHR-300HP2 router running DD-WRT v3.0-r30354 std (08/22/16). I found the code below provided by user eibgrad on a post for Atheros equipment. I have three questions:
1. Are the commands the different at all for Atheros and Ralink routers?
2. The code below disables WAN access. Do I simply replace "REJECT" in the code with "ALLOW" to re-enable WAN ACCESS?
3. Will disabling access using the code below drop existing WAN connections? If not, how could I accomplish this desired behavior?
I am aware of Access Restrictions in the GUI and I use them to an extent but they're limited to ten profiles and I have many varying combinations of devices I'd like the ability to manage access for. Furthermore, I'm hoping to automate some scenarios via shell access from a Windows computer.
for mac in $MAC_LIST; do
iptables -I FORWARD -m mac --mac-source $mac -o $WAN_IF -m state --state NEW \
-j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -p tcp -m mac --mac-source $mac -o $WAN_IF -m state --state NEW \
-j REJECT --reject-with tcp-reset
done