DD-WRT/iptables script

NickSlash · 4 Mar 2012 at 21:30

I need a script that can enable and disable (either one script to do both, or one for each task) access to a certain website for specific mac addresses.

It will be need to be ran on a windows computer (guessing a shell script and putty's plink?)

I have managed to block it (minecraft.net) manually using the web-gui, but I'm the only one that kinda knows what I'm doing, so I'd rather not have someone else trying to enable/disable it from there.

I've looked at the iptables on the router, and read through some stuff about how it works but I'm no closer to understanding how to do this.

Anybody able to help me out? I can provide a copy of the "iptables --list" (or anything else) if needed, but it'd probably just show how wonderfully insecure the router is and the single rule blocking minecraft.

SMN · 5 Mar 2012 at 12:54

You had a look at firewall builder? If your running ubuntu its available via repo's IIRC.

Djwayne · 5 Mar 2012 at 14:50

Maybe just me but it doesnt seem clear what you are trying to achieve here.

If you want a script to make changes to iptables on a server it will be different to changing rules on a router and from your post it isn't clear which you are trying to do.

Usally if you block a website it remians blocked why is there a need for this to be enabled and disabled selectively and only by certain mac addresses?

Post a bit more info and will see if i can help

NickSlash · 6 Mar 2012 at 13:37

The Goal was to be able to disable access to Minecraft as school work and other more important things were not being done, or done to an acceptable standard

Blocking access to minecraft.net kills the login server and so stops them playing multiplayer which should hopefully be enough. Having a script that can add/remove the rule(s) without showing everyone how to do it via the web gui would be easier (and safer).

I would be changing the rules on the router.

SMN · 6 Mar 2012 at 13:39

Can you not just setup your own DNS server, and tell your DHCP leases to use that DNS server? That way you can just use crontab to add / remove DNS entries (blackholing them). Im assuming your kids arent savvy enough to know how to use specific external DNS Servers?

GaryH-21 · 17 Mar 2012 at 01:37

^ you could do that...

But as DD-WRT has an SSH / Telnet server, I can't see any reason as to why a script couldn't be make to alter the iptables rules... I'll see what I can come up with and get back to you!

Essexraptor · 17 Mar 2012 at 10:11

The other alternative is to just put a blanket block on your kids MAC addresses for the duration of time in the evening etc when they should be doing homework

I'm just an old meanie