For now I've set it up with reserved DHCP addresses and it's working. The only problem seems to be if the machine doesn't already have an address from the DHCP server then the packets aren't being passed to get the address. Is there a rule I need to add to allow for DHCP traffic from all devices?
Joined: 06 Jun 2006 Posts: 3763 Location: I'm the one on the plate.
Posted: Mon Mar 08, 2010 6:41 Post subject:
toricred wrote:
The only problem seems to be if the machine doesn't already have an address from the DHCP server then the packets aren't being passed to get the address. Is there a rule I need to add to allow for DHCP traffic from all devices?
No. You cannot prevent your clients from programming a static IP. What you need is called ARP binding, which is not currently supported with this firmware.
We are still trying to get sputnick to detonate properly, with no success. Please stop trying to start some shit with the forum.
I'm not trying to prevent static IP's. I just wanted to know how to allow DHCP. I've got it working now.
I'm unclear what the reference to sputnick and starting shit is. I'm just trying to understand how to do some small things through iptables not start any trouble.
Is there anyway of just blocking urls like torrents without using a proxy server?
EDIT:
iptables -A wanout -i `nvram get lan_ifname` -d www.bbc.co.uk -j DROP
Ill give that a try tonight when i get home and report back or if someone can test it for me ill be greatfull _________________ TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18 )
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17
Is there anyway of just blocking urls like torrents without using a proxy server?
This thread is about whitelisting which blocks everything by default and then allows certain things. To blacklist URL's you can use the standard Access Restrictions in the GUI which makes use of the ipt_webstr module. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Joined: 29 May 2008 Posts: 243 Location: United Kingdom
Posted: Sat Apr 10, 2010 11:15 Post subject:
phuzi0n wrote:
you can use the standard Access Restrictions in the GUI which makes use of the ipt_webstr module.
Thanks Could i block ranges of ips 192.168.4.5-192.168.4.9 using this wholelist or the wireless interface would be okay aswell _________________ TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18 )
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17
Of course the MAC of the exempt machine is changed for its protection, but I have double and triple checked to make sure its the right one, and it is. My problem is that this script doesnt seem to be doing ANYTHING at all. It doesnt stop any of the other machines on my network from accessing the internet....
What I want to be able to do, is to only let specified machines access the internet, while everyone else can access anything on the local network.
iptables -vnL _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
None of it is there, are you saving it as a firewall script? _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
ok, so now I have it working it seems. didnt change anything but I did at that command you wanted me to report stuff from, to the end of the script. So now that it seems to be working, I have a question about the ports area. How can I open up all ports? instead of just those being able to be used?
None of it is there, are you saving it as a firewall script?
Am I not supposed to be saving it as a firewall script?
It should be a firewall script. I don't understand why you want to open up all ports though, if you allow every port then nothing will be blocked so the whitelist will be pointless. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Even with the ports open, the IP and MAC is filtered right?
So even with the ports open, unless they have a MAC and an IP on the whitelist, they would not be able to get through, or am I missunderstanding something?
Could i block ranges of ips 192.168.4.5-192.168.4.9 using this wholelist or the wireless interface would be okay aswell