Can someone please help me with whitelist using iptables?

Discussion in 'Tomato Firmware' started by liesack, Apr 7, 2010.

  1. liesack

    liesack LI Guru Member

    Using the regular 1.27 Tomato firmware in Motorola router.

    I am trying to create a whitelist in tomato, so i did the following:

    - Added the rule in firewall
    - As an example i tried the rule that is in the post:

    iptables -I FORWARD -p tcp --dport www -j DROP
    iptables -I FORWARD -p tcp -d -j ACCEPT

    the rule is for drop all packets to www, accepting only connection to Did not worked here.


    iptables -I FORWARD -p tcp --dport www -j DROP
    iptables -I FORWARD -p tcp -d -j ACCEPT

    (or and did not worked

    After inserted that rules, i allways restarted the rules.

    What am i doing wrong? Could someone please help me?
  2. Porter

    Porter LI Guru Member

    You didn't exactly tell us, where the rules didn't work. What happened?

    Second: google probably knows the solution to your problem.

    Third: I would guess that the ACCEPT rule needs to be the first one and not the DROP rule, but I could be wrong.

    If you want to stop people from accessing you might also look into manipulating your local DNS-Cache in Tomato, so that will be resolved to . But that's just an idea, haven't given it much thought.
  3. liesack

    liesack LI Guru Member


    I need that computers cant access any site. EXCEPT some sites.

    In this example, the rule was for:

    ACCEPT connection only if the request is for, everything else will be dropped

    As i use the -I parameter, the rule will be put at top of the rules, so the 2 line script should work.

    I searched a lot in google for iptables, and there is a lot of documents, but i cant implement that in TOMATO. My problem is with tomato.

    As what i need is drop all sites, except google, i cant use the GUI access restriction.

    I dont know whats wrong.
  4. Porter

    Porter LI Guru Member

    I just added both your rules and they worked (well, i added them via ssh and not the firewall box).

    That means there's propably a problem elsewhere...

    What did you mean by saying you restarted something after you added the rules?

    If you want to know whether your rules got loaded use:
    iptables -vL FORWARD
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice