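#!/bin/sh
# http://www.dd-wrt.com/phpBB2/viewtopic.php?t=289277
#
# Restrict NEW outbound TCP connections from one bridge interface to a
# destination whitelist. Anything not listed is rejected; tcp/53 (DNS) is
# never sent through the whitelist chain. Targets the busybox /bin/sh on
# DD-WRT, so only POSIX sh constructs are used (no ${var:0:1}, no $'\n').
#
# Requires: iptables, root. Re-running the script replaces the rules it
# installed previously (see the cleanup block below).

#BLOCKED_NET="br0" # private network
BLOCKED_NET="br1" # guest network
#BLOCKED_NET="br+" # all networks (private and guest)

# build the whitelist database
# One destination per line; '#' starts a comment. Entries may be IPs or
# hostnames. NOTE: iptables resolves a hostname once, when the rule is added,
# and installs one rule per address returned at that moment -- for CDN-backed
# sites the addresses clients later resolve may differ, so hostname entries
# can silently stop matching. Prefer IPs, or re-run this script periodically.
WL="
157.166.226.26 # cnn.com
209.102.213.14 # mlb.com
#96.17.202.227 # newegg.com
ipchicken.com
amazon.com
frys.com
www.facebook.com
www.google.com
"
WL_CHAIN="whitelist"

# cleanup from prior execution (precautionary) -- every step legitimately
# fails on a fresh boot, so errors are discarded on purpose
(
  iptables -D FORWARD -p tcp -i "$BLOCKED_NET" ! --dport 53 -m state --state NEW -j "$WL_CHAIN"
  iptables -F "$WL_CHAIN"
  iptables -X "$WL_CHAIN"
) 2>/dev/null

# create the whitelist chain; nothing below can work without it
iptables -N "$WL_CHAIN" || {
  printf '%s: cannot create chain %s\n' "${0##*/}" "$WL_CHAIN" >&2
  exit 1
}

# load the whitelist chain: whitelisted destinations RETURN to FORWARD.
# Lines are read one at a time so entries keep their inline comments; the
# script's own positional parameters are unused, so "set --" is free to reuse.
set -f                         # no globbing while we word-split entries
while IFS= read -r entry; do
  entry=${entry%%#*}           # drop a trailing "# comment" (or a whole comment line)
  # shellcheck disable=SC2086 -- intentional: default-IFS splitting trims blanks
  set -- $entry
  [ $# -eq 0 ] && continue     # blank or comment-only line
  iptables -A "$WL_CHAIN" -d "$1" -j RETURN
done <<EOF
$WL
EOF
set +f

# anything that is not whitelisted is rejected
iptables -A "$WL_CHAIN" -p tcp -j REJECT --reject-with tcp-reset
iptables -A "$WL_CHAIN" -j REJECT --reject-with icmp-host-prohibited

# trap new connections and check destination against whitelist (always allow DNS)
# NOTE: the jump matches TCP only, so UDP from $BLOCKED_NET (QUIC, UDP DNS to
# outside resolvers, VPNs) is not subject to the whitelist at all, and the
# icmp-host-prohibited rule above is never reached via this jump. Exempting
# tcp/53 to ANY destination also means the whitelist does not constrain
# traffic carried over port 53; pinning port 53 to the router's own resolver
# (or the ISP's) is the usual tightening.
iptables -I FORWARD -p tcp -i "$BLOCKED_NET" ! --dport 53 -m state --state NEW -j "$WL_CHAIN"

# review our handiwork
iptables -vnL FORWARD | grep -F -- "$WL_CHAIN"
iptables -vnL "$WL_CHAIN"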