Web Access Whitelist Problem

Discussion in 'Tomato Firmware' started by h3l1, Aug 30, 2008.

  1. h3l1 (Guest)

    Hi all,

    I am trying to write a script where a whitelist defines the allowed hosts for web access. I'm creating a restrict chain, which gets called for a given IP address (I will change that to a MAC address when it is working).

    IPTABLES=/sbin/iptables          # assumed; the post does not show where $IPTABLES is set
    CLIENT_IP="CLIENT-IP-HERE"       # placeholder: the post omits the address passed to -s
    WHITELIST='.wikipedia.org$ ^dict.leo.org$'
    # split string (one pattern per line; the for loop below splits on whitespace anyway)
    WHITELIST=`echo $WHITELIST | awk 'BEGIN{FS=" "}{for (i=1; i<=NF; i++) print $i}'`
    # this is needed for the iptables web module to work
    /sbin/modprobe ipt_web
    $IPTABLES -N restrict
    $IPTABLES -I FORWARD -s "$CLIENT_IP" -j restrict
    $IPTABLES -A restrict -p tcp --dport 53 -j RETURN
    $IPTABLES -A restrict -m state --state RELATED,ESTABLISHED -j RETURN
    for host in $WHITELIST
    do
      $IPTABLES -A restrict -p tcp -m web --hore "$host" -j RETURN
    done
    $IPTABLES -A restrict -p tcp -j REJECT --reject-with tcp-reset

    so the restrict chain looks like this:

    # iptables -L restrict
    Chain restrict (1 references)
    target     prot opt source               destination
    RETURN     tcp  --  anywhere             anywhere            tcp dpt:domain
    RETURN     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
    RETURN     tcp  --  anywhere             anywhere            web --hore ".wikipedia.org$"
    RETURN     tcp  --  anywhere             anywhere            web --hore "^dict.leo.org$"
    REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
    My problem is that when I run the script on the router, the client with that IP address cannot surf anywhere.
    Maybe someone could look at this and give me some advice on how to solve this problem.
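The script below is an added example and not code from the post above or from Tomato itself. It builds the same restrict chain from a whitelist, with the do/done the shell loop needs, and defaults to a dry run (IPTABLES=echo) so the generated rules can be read and counted before anything is applied on the router. The client address 192.0.2.10 is a placeholder (a TEST-NET-1 address) for the one the post leaves out, and the UDP rule for port 53 is an addition, since resolvers normally query over UDP and the post's chain only returns early for TCP DNS. One thing a dry run cannot tell you, and that is worth checking on the router itself, is how `-m web` treats the handshake packets of a new connection: they carry no HTTP request for a `--hore` pattern to match, so if the match does not let them through they fall to the final REJECT.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds the "restrict" chain
# from a whitelist and defaults to a dry run so the rule set can be reviewed.
# Assumptions: CLIENT_IP is a placeholder for the address the post omits;
# IPTABLES and CLIENT_IP may be overridden from the environment.

IPTABLES="${IPTABLES:-echo}"          # set IPTABLES=/sbin/iptables on the router to apply
CLIENT_IP="${CLIENT_IP:-192.0.2.10}"  # placeholder (TEST-NET-1), not an address from the post
WHITELIST='.wikipedia.org$ ^dict.leo.org$'

# build_restrict_rules CLIENT PATTERN...
# Emits (or applies) the chain: DNS and established traffic return early,
# each whitelisted host pattern returns, everything else over TCP is reset.
build_restrict_rules() {
    client="$1"
    shift
    $IPTABLES -N restrict
    $IPTABLES -I FORWARD -s "$client" -j restrict
    # DNS normally travels over UDP; TCP is used for large answers
    $IPTABLES -A restrict -p udp --dport 53 -j RETURN
    $IPTABLES -A restrict -p tcp --dport 53 -j RETURN
    $IPTABLES -A restrict -m state --state RELATED,ESTABLISHED -j RETURN
    for host in "$@"
    do
        # each pattern is quoted so ^ and $ reach the ipt_web match untouched
        $IPTABLES -A restrict -p tcp -m web --hore "$host" -j RETURN
    done
    $IPTABLES -A restrict -p tcp -j REJECT --reject-with tcp-reset
}

# count_hore_rules CLIENT PATTERN...
# Dry-runs the build in a subshell and prints how many --hore rules it would
# add, a quick check that every whitelist entry turned into a rule.
count_hore_rules() {
    (
        IPTABLES=echo
        build_restrict_rules "$@"
    ) | grep -c -- '--hore'
}

# Stand-alone run. The web match module is only loaded when applying for real.
[ "$IPTABLES" = "echo" ] || /sbin/modprobe ipt_web
# $WHITELIST is left unquoted on purpose so it word-splits into one argument per pattern.
build_restrict_rules "$CLIENT_IP" $WHITELIST
```

Run it as-is to see the rules printed; on the router, run it with IPTABLES=/sbin/iptables and CLIENT_IP set to the LAN address to apply them.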