Limiting Access to one website and one only

serotta1958
DD-WRT Novice


Joined: 28 Jul 2010
Posts: 5

PostPosted: Wed Jul 28, 2010 14:38    Post subject: Limiting Access to one website and one only Reply with quote
For a certain period of the day I want to limit my kids to being able to access only one web site (a school thing).

Does anyone have advice on how to set up a policy for this using DD-WRT?
disco
DD-WRT User


Joined: 10 Oct 2009
Posts: 59

PostPosted: Wed Jul 28, 2010 15:56    Post subject: Reply with quote
That is fairly easy. Go to Access Restrictions tab

And create a policy like this:

Status: Enable
Policy Name: <insert some name here>

Hit Edit list of clients
and insert the PCs' MAC addresses or individual IP addresses, or fill in the IP range in Enter the IP Range of the clients with your subnet to filter every PC connected to the router (most reliable). For example, if your subnet is 192.168.1.x enter something like this:
192.168.1.0 ~ 192.168.1.254

Hit Save, Apply Settings and close the page.

Filter selected

Days: unselect Everyday and choose the days you wish to be blocked
Times: Choose 24h or a time period

At last in Website Blocking by URL Address enter the domain name:
websitedomain.com


Click Save at the end of the page and then Apply Settings

http://www.dd-wrt.com/wiki/index.php/Access_Restrictions
serotta1958
DD-WRT Novice


Joined: 28 Jul 2010
Posts: 5

PostPosted: Wed Jul 28, 2010 17:28    Post subject: Reply with quote
Thanks for the reply but I wonder if I did not explain myself well.

I am not blocking one website.. I am ALLOWING only one website.

Out of all the millions of websites on the web I want them to be allowed to access only ONE site.

Is that done the same way?
redhawk0
DD-WRT Guru


Joined: 04 Jan 2007
Posts: 11563
Location: Wherever the wind blows- North America

PostPosted: Wed Jul 28, 2010 17:53    Post subject: Reply with quote
I don't know how to do it...but it should be possible using iptables commands...along with the cron job.

I am not very fluent in iptables rules...so either someone else can jump in here to help....or start reading up on iptables.

redhawk

_________________
The only stupid question....is the unasked one.
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Wed Jul 28, 2010 22:47    Post subject: Reply with quote
I didn't test this at all but it should work... Create access restriction #1 to drop all their traffic at the times you want to limit them to the one site. Then edit this with the site domain/IP and save it to your firewall script on the admin->commands page. If the site has multiple IP's then you'll need to specify the netmask or create more rules.

iptables -I grp_1 -d sitename.com -j ACCEPT

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
nn5i
DD-WRT User


Joined: 18 Jun 2010
Posts: 263
Location: Tallahassee, FL

PostPosted: Thu Jul 29, 2010 0:17    Post subject: Reply with quote
What follows is brainstorming by a guy (me) who doesn't actually know much. Here goes --

How about setting up your own DNS server that knows only this one web site, and turning off access to any other DNS servers during certain hours?

_________________
Netgear WNR834Bv2 DD-WRT build 14311 nokaid (Primary)
Linksys WTR54GSv1 DD-WRT build 14896 mini with AutoAP (x2) -- cool!
Linksys WRT54Gv2.2 DD-WRT build 14896 mini with AutoAP -- cooler!
Netgear WNR834Bv2 DD-WRT build 14896 mini with AutoAP -- also cool.
Linksys WTR54GSv1 DD-WRT build 14311 std (Client bridge for Ooma voip phone)
Linksys WAP54Gv2 DD-WRT build 14896 micro -- haven't figured out a use for it.
serotta1958
DD-WRT Novice


Joined: 28 Jul 2010
Posts: 5

PostPosted: Thu Jul 29, 2010 13:55    Post subject: Reply with quote
My own DNS server. Would I need a dedicated PC on my network to do that?
serotta1958
DD-WRT Novice


Joined: 28 Jul 2010
Posts: 5

PostPosted: Thu Jul 29, 2010 13:58    Post subject: Reply with quote
phuzi0n you suggested that I enter

"iptables -I grp_1 -d sitename.com -j ACCEPT".


Does grp 1 refer to the name of my access restriction?
Also, do I save this as a firewall rule?
nn5i
DD-WRT User


Joined: 18 Jun 2010
Posts: 263
Location: Tallahassee, FL

PostPosted: Thu Jul 29, 2010 14:24    Post subject: Reply with quote
serotta1958 wrote:
My own DNS server. Would I need a dedicated PC on my network to do that?

Others more knowledgeable will have to answer, but it is my impression that DD-WRT includes a simple DNS server. Hey, gurus -- have I got that straight?

phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Thu Jul 29, 2010 14:36    Post subject: Reply with quote
phuzi0n wrote:
I didn't test this at all but it should work... Create access restriction #1 to drop all their traffic at the times you want to limit them to the one site. Then edit this with the site domain/IP and save it to your firewall script on the admin->commands page. If the site has multiple IP's then you'll need to specify the netmask or create more rules.

iptables -I grp_1 -d sitename.com -j ACCEPT

grp_1 is the chain Access Restriction #1's rules are put in. If you set it in AR #2 then you'd use grp_2 instead, etc.

DNSMasq can do DNS but it would be more complicated to set up and wouldn't be as secure because even if DNS is blocked completely, you can still manually set up your own domain mappings in the /etc/hosts file.

serotta1958
DD-WRT Novice


Joined: 28 Jul 2010
Posts: 5

PostPosted: Fri Jul 30, 2010 12:45    Post subject: Reply with quote
phuzi0n,

I tested your solution last night and it works great.
It was easy and very maintainable.

Thanks again......
wormedup
DD-WRT Novice


Joined: 06 Aug 2010
Posts: 2

PostPosted: Fri Aug 06, 2010 8:31    Post subject: Reply with quote
Please guys,
if I need this to access 2 sites only, how do I go about it?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

PostPosted: Fri Aug 06, 2010 18:29    Post subject: Reply with quote
wormedup wrote:
Please guys,
if I need this to access 2 sites only, how do I go about it?

Just create another rule for the other site.

wormedup
DD-WRT Novice


Joined: 06 Aug 2010
Posts: 2

PostPosted: Fri Aug 27, 2010 10:46    Post subject: Reply with quote
phuzi0n wrote:
wormedup wrote:
Please guys,
if I need this to access 2 sites only, how do I go about it?

Just create another rule for the other site.


Thanks a lot.

Did it and every other site works great except Yahoo Mail; for some reason I don't know, people under the filter can't seem to be able to log on to Yahoo Mail.

I've included all of: login.yahoo.com, mail.yahoo.com, us.mg4.yahoo.com. I even tried IP addresses for Yahoo Mail but they keep changing.

Any suggestions please?
Cheers.
lumanga
DD-WRT Novice


Joined: 26 Aug 2018
Posts: 10

PostPosted: Sun Sep 02, 2018 17:34    Post subject: Clarify the settings for block for ALL except for one websit Reply with quote
Hi Sirs,

Could you please clarify how you succeeded with this?


I want to block ALL internet on all the devices connected to my DD-WRT router except for 6 websites!

I have set up DD-WRT with:
*SETUP:
- WAN Connection type= Auto-DHCP mode
- Local IP: 192.168.3.1
- Subnet: 255.255.255.0
- DHCP type= DHCP Server
- DHCP server0 ENABLE
- Use DNSMasq for DHCP= NO!
- Use DNSMasq for DNS= NO!
*ADVANCED ROUTING: Operating Mode= GATEWAY
*WIRELESS: Wireless Mode = "AP"....
*SERVICES: All Disabled.
*SECURITY: Firewall Disable!

With these settings, I'm able to connect to the router and surf the web!

The IP range of this router is different from my modem and LAN (192.168.55.1). And I WANT THIS, because I want to have a separate LAN/WiFi access point to the internet only for my children, and to filter all the traffic!


Well, then I set the BLOCK in this way:

*ACCESS RESTRICTIONS:
Policy 1 (block ALL) Enable, Deny, Everyday! 24H

* ADMINISTRATION / Commands:
iptables -I grp_1 -d www.mywebsiteallowed.com -j ACCEPT
Run Command and Save Startup!

Reboot, BUT NOT WORKING! ALL is blocked, also www.mywebsiteallowed.com (IP example aaa.bbb.ccc.ddd)

I show you my iptables -L:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp dpt:http-alt
DROP       tcp  --  anywhere             anywhere            tcp dpt:http
DROP       tcp  --  anywhere             anywhere            tcp dpt:https
DROP       tcp  --  anywhere             anywhere            tcp dpt:69
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp dpt:telnet

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
lan2wan    0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere           
ACCEPT     udp  --  anywhere             224.0.0.0/4         
TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0
trigger_out  0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere            state NEW

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain advgrp_1 (0 references)
target     prot opt source               destination         

Chain advgrp_10 (0 references)
target     prot opt source               destination         

Chain advgrp_2 (0 references)
target     prot opt source               destination         

Chain advgrp_3 (0 references)
target     prot opt source               destination         

Chain advgrp_4 (0 references)
target     prot opt source               destination         

Chain advgrp_5 (0 references)
target     prot opt source               destination         

Chain advgrp_6 (0 references)
target     prot opt source               destination         

Chain advgrp_7 (0 references)
target     prot opt source               destination         

Chain advgrp_8 (0 references)
target     prot opt source               destination         

Chain advgrp_9 (0 references)
target     prot opt source               destination         

Chain grp_1 (1 references)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             aaa.bbb.ccc.ddd       
DROP       0    --  192.168.3.60/30      anywhere           
DROP       0    --  192.168.3.64/30      anywhere           
DROP       0    --  192.168.3.68/31      anywhere           

Chain grp_10 (0 references)
target     prot opt source               destination         

.... CUT CUT ....

Chain lan2wan (1 references)
target     prot opt source               destination         
grp_1      0    --  anywhere             anywhere           

Chain logaccept (0 references)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere           

Chain logdrop (0 references)
target     prot opt source               destination         
DROP       0    --  anywhere             anywhere           

Chain logreject (0 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset

Chain trigger_out (1 references)
target     prot opt source               destination 
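
An added example (not from the thread or from DD-WRT): it replays the `grp_1` chain from the listing above with first-match semantics, to show which client addresses the policy covers and what a filtered client's DNS query runs into. The site address `203.0.113.10` and the idea that clients use `192.168.55.1` as their resolver are assumptions; the post masks the real address and does not say which DNS server the clients use.

```python
import ipaddress

# Constructed stand-ins: the post masks the allowed site's address as
# aaa.bbb.ccc.ddd, so a documentation-range address is used instead.
ALLOWED_SITE_IP = "203.0.113.10"  # hypothetical address of the allowed site
UPSTREAM_DNS = "192.168.55.1"     # assumed resolver used by clients (the modem)

# grp_1 rows as printed by `iptables -L` in the post, masked IP substituted.
GRP_1_LISTING = f"""\
ACCEPT     0    --  anywhere             {ALLOWED_SITE_IP}
DROP       0    --  192.168.3.60/30      anywhere
DROP       0    --  192.168.3.64/30      anywhere
DROP       0    --  192.168.3.68/31      anywhere
"""

def to_net(field):
    """Map an `iptables -L` address column to an ip_network."""
    return ipaddress.ip_network("0.0.0.0/0" if field == "anywhere" else field)

def parse_chain(listing):
    """Turn listing rows into (target, source_net, dest_net) tuples."""
    rules = []
    for row in listing.splitlines():
        fields = row.split()
        if len(fields) >= 5:
            target, _prot, _opt, src, dst = fields[:5]
            rules.append((target, to_net(src), to_net(dst)))
    return rules

def verdict(rules, src, dst):
    """First matching rule wins; no match returns to the calling chain."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return target
    return "RETURN"

def filtered_clients(rules):
    """Every client address covered by a DROP rule in the chain."""
    return sorted(str(a) for t, net, _ in rules if t == "DROP" for a in net)

if __name__ == "__main__":
    rules = parse_chain(GRP_1_LISTING)
    print("filtered clients:", filtered_clients(rules))
    for dst in (ALLOWED_SITE_IP, "198.51.100.7", UPSTREAM_DNS):
        print("192.168.3.61 ->", dst, verdict(rules, "192.168.3.61", dst))
```

The ACCEPT row holds an IP address rather than the hostname because iptables resolves the name once, when the rule is inserted; later changes to the site's address are not picked up until the rule is re-created.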