
Need help with Iptables, Active-X blocking, and Logging

Discussion in 'Tomato Firmware' started by vetter, Feb 6, 2008.

  1. vetter

    vetter LI Guru Member

    Using WRT54G v1.15.1297.

    Total newbie looking to get my WRT54G close to what I had with a sonicwall unit.

    Looking to set up iptables to do the following.

    1) Restrict ActiveX to all sites but a few select ones (i.e. windowsupdate)

    I tried the following, but it didn't work:

    iptables -I FORWARD 0 -p tcp -s -d update.microsoft.com --dport 80 -j ACCEPT

    itables -I FORWARD 1 -p tcp -s tcp dpt:www WEBSTR match content 2 reject-with tcp-reset

    2) Is there a way to set up the rules to only work during certain hours? I see the access restriction portion but not sure that will work.

    3) Show an HTML page that is stored on the WRT54G when a page is blocked. Nothing fancy, just that the access has been restricted.

    4) How do I set up the iptables to add the blocked pages to the log?

    5) When the blocked pages go to the log, are they IP only? Is there a way to perform a DNS lookup... i.e. = google.com

    6) Can I have the log emailed? Possibly a cron job to accomplish?

    If I need to break these into separate posts, please let me know!

  2. vetter

    vetter LI Guru Member

  3. mikester

    mikester Network Guru Member

    I think you could get most of what you are looking for under access restrictions: tomato/restrict-edit.asp

    Do a search on this forum to answer your other questions, i.e. logging, page blocking redirect, reverse DNS etc.

    WRT the automation you are asking for, that will require you to manually add code through SSH/CIFS or to add and recompile your firmware.

