On 02/08/16 17:24, Mike Wright wrote:
On 02/08/2016 02:10 PM, Bob Goodwin wrote:
Can someone give me an example [for my router] of the iptables code needed to prevent 192.168.1.17 from connecting to the internet while keeping normal LAN access?
Hi Bob,
Decided lack of info to go on but this will accomplish that.
If you just want the internet to be "non-existent" WRT 192.168.1.17 the easiest way is to DROP all traffic between them.
Let eth0 be the internet connected network card.
iptables -t filter -A INPUT -i eth0 -d 192.168.1.17 -j DROP
iptables -t filter -A OUTPUT -o eth0 -s 192.168.1.17 -j DROP
That helps. I had a router on the shelf that I decided to try OpenWrt on. It works slick, but it doesn't have some of the access control features of Tomato and DD-WRT that I am accustomed to, and it requires adding code to iptables, which is really beyond my skill level ... But I intend to give it a try.
Thanks to you and Richard,
Bob
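
Added example, not part of the thread: on a router, packets between a LAN client and the internet are forwarded, so they pass through the FORWARD chain rather than INPUT or OUTPUT, while LAN-to-LAN traffic never leaves via the WAN interface and is unaffected. The script below builds and applies the two DROP rules in FORWARD, keeping the thread's 192.168.1.17 and eth0 as the WAN interface; the function names and the DRY_RUN variable are hypothetical.

```sh
#!/bin/sh
# Added example (hypothetical helper names): keep one LAN client off the WAN.
# A router forwards client traffic, so the rules belong in the FORWARD chain.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    n=0
    rest=$1.
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# forward_block_rules CLIENT_IP WAN_IF: print one rule specification per line.
forward_block_rules() {
    valid_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 1; }
    case "$2" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $2" >&2; return 1 ;;
    esac
    echo "FORWARD -s $1 -o $2 -j DROP"   # client -> internet
    echo "FORWARD -d $1 -i $2 -j DROP"   # internet -> client
}

# apply_block CLIENT_IP WAN_IF: insert the rules at the top of FORWARD so they
# are evaluated before any ACCEPT rule; skip a rule that is already present.
# With DRY_RUN set, only print the commands.
apply_block() {
    specs=$(forward_block_rules "$1" "$2") || return 1
    echo "$specs" | while read -r spec; do
        if [ -n "$DRY_RUN" ]; then
            echo "iptables -I $spec"
        else
            # $spec is unquoted on purpose: it must split into arguments.
            iptables -C $spec 2>/dev/null || iptables -I $spec
        fi
    done
}

# On the router, as root:  apply_block 192.168.1.17 eth0
```

Rules added this way last only until the firewall is reloaded or the router reboots, so they also need to go wherever the router's firmware keeps its persistent custom rules.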