访问限制

From DD-WRT Wiki

Revision as of 11:24, 16 January 2011 by Leangjia (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search

访问限制 允许用户按组创建规则,管理外网访问内网上的机器。规则可以按:个人 IP、MAC 物理地址、IP范围、 时间日期、流量类型、URL 或关键字 等创建,管理访问权限。

用户能创建多达10组规则,每组规则归类为一个策略一个策略能包含对个独立的规则,例如过滤个别机器访问特定网站,或者过滤一个确切的不想要的P2P协议。

Remember that all policies will be used (this is different than in factory Linksys firmware where only the first matched is used)! For example, if policy #1 is a Deny policy that restricts all internet access to a machine on your LAN, that machine will no longer be able to access the Internet, regardless of any Filter policies you might have. Note: The term "Filter" is erroneously labeled as "Allow" in earlier versions of DD-WRT firmware. This is the main source of confusion when dealing with access restrictions in DD-WRT. See Eko's forum post for more information.

The Filter option is used to block access to web sites, services, or keywords. However, it does not block internet altogether like the "Deny" option does. Nor does it allow internet access during times that a Deny policy denies it.

If you will notice, when you click the "Deny" button (instead of the Filter button), those extra options at the bottom of the page get greyed out (at least in newer dd-wrt versions). This is because filtering a web site, service, etc. in a Deny policy is pointless since the machines in the policy would be denied internet access anyway!

Contents

[edit] 拒绝互联网访问

  1. 从下拉菜单的1-10之间选择一个还没有被使用的策略号;
  2. 通过将状态设置为启用来启用你的策略;
  3. 在'策略名栏内给你的策略输入一个名字,例如: 限制因特网访问
  4. 点击编辑客户列表 按钮
  5. 客户列表界面内, 指定客户端的IP地址或MAC 地址,在IP栏内输入相应的IP地址,如果你希望指定一个IP地址的范围给过滤器, 可以通过在IP范围栏填入相应内容来完成。你也可以在MAC栏输入相应的MAC地址来达到同样的目的;
  6. 通过分别点击保存应用按钮来保存与应用你的设置。点击关闭按钮来回到访问限制界面;
  7. 点击Deny Internet access for listed clients during selected days and hours 旁边的单选按钮;
  8. 通过选择每天或一周内的哪几天来设置这些天因特网的访问将被限制;
  9. 通过选择24小时或选择From指定时间段来指定限制因特网访问的时间段;
  10. 分别点击保存应用来保存和应用设置;
  11. 重复上面的步骤来建立或修改其他的策略;

[edit] 过滤服务/URLs/关键词

更高级的内容过滤,请使用OpenDNS

  1. 在下拉菜单中选择一个未使用的策略号 (1-10).
  2. 状态设为启用,启用你的策略。
  3. 策略名中输入策略的名称。例如 "过滤BT"
  4. 点击编辑客户列表按钮。
  5. 客户列表页面,通过IP地址或MAC地址指定客户。在IP框中输入适当的IP地址。如果需要过滤一个IP地址段,在IP范围内输入适当的地址。在MAC框中输入适当的MAC地址。
  6. 点击保存应用按钮,保存所做的更改。点击关闭按钮回到访问限制页面。
  7. Click the radio button next to Filter Internet access for listed clients during selected days and hours. (Remember, many DD-WRT versions will have an "Allow" option, but it really means "Filter")
  8. Set the days when access will be filtered. Select Everyday or the appropriate days of the week.
  9. Set the time when access will be filtered. Select 24 Hours, or check the box next to From and use the drop-down boxes to designate a specific time period.
  10. Under Blocked Services, enter the services you wish to block (if any).
  11. Under Website Blocking by URL Address, enter in the domain name(s) you wish to block (if any).
  12. Under Website Blocking by Keyword, enter the keywords you wish to block (if any).
  13. 点击保存应用
  14. 要创建或编辑其他策略,重复以上的必要步骤。

注意: 如果没有输入策略的客户列表,过滤将不起作用。

[edit] 删除

删除互联网访问策略,只要选择对应的策略号,然后点击“删除”即可。

[edit] 摘要

要查看所有策略的摘要,请点击摘要按钮。互联网策略摘要页面将显示每个策略的编号、名称、日期和时间。要删除一个策略,点击它的复选框,然后点击删除按钮。点击关闭按钮可以回到过滤页面。

[edit] 过滤互联网端口范围

要根据端口过滤计算机,根据你想过滤的协议选择TCP、UDP或两者。然后在端口号内输入你想过滤的端口。连接到路由器的计算机将无法访问列表呢的任何端口。要禁用一个过滤器,选择禁用。

[edit] Filtering Inbound Traffic

See Iptables.


[edit] 问题?

还有关于访问限制的问题?你可能正在使用一个旧的不再维护的DD-WRT固件版本。如果是这样的话,查看本文章在讨论使用DD-WRT v24+之前的旧版本可能会有帮助。