Gargoyle Weburl in firewall.user

Kradllit
Posts: 3
Joined: Tue Mar 20, 2012 2:50 pm


Post by Kradllit »

Hi. Sorry for my English, I am from Ukraine. I upgraded from OpenWRT to Gargoyle because its iptables has the weburl module.
But I can't understand how to block all sites with weburl in /etc/firewall.user

I have 2 IPs: 192.168.1.5 and 192.168.1.10.
For 192.168.1.5 I must block all sites, but I need a whitelist with, for example, google.com.
For 192.168.1.10 I must block facebook.com but leave other sites free.

If I do:

Code:

iptables -I FORWARD  -p tcp --dport 80 -j DROP
iptables -I FORWARD  -p tcp --dport 8080 -j DROP
iptables -I FORWARD  -p tcp --dport 443 -j DROP
iptables -I FORWARD  -p tcp -d www.google.com.ua --dport 80 -j ACCEPT
It works.

But I need to use weburl. And when I do:

Code:

iptables -I FORWARD  -p tcp --dport 80 -j DROP
iptables -I FORWARD  -p tcp --dport 8080 -j DROP
iptables -I FORWARD  -p tcp --dport 443 -j DROP
iptables -I FORWARD -m weburl --contains "google.com" -j ACCEPT

Code:

iptables -I FORWARD -m weburl --contains_regex "*" -j DROP
iptables -I FORWARD -m weburl --contains "google.com" -j ACCEPT

Code:

iptables -I FORWARD -m weburl --contains_regex "*.*" -j DROP
iptables -I FORWARD -m weburl --contains "google.com" -j ACCEPT

Code:

iptables -I FORWARD -m weburl --contains "*" -j DROP
iptables -I FORWARD -m weburl --contains "google.com" -j ACCEPT
It doesn't work :(


Can you help me with iptables rules?

tals
Posts: 247
Joined: Fri Dec 09, 2011 7:27 am


Post by tals »

Shouldn't you just do this in the web interface, under firewall->restrictions and block web access?
Netgear wndr3700 v2 Gargoyle 1.8.0
TP-Link Archer C7 v2 1.10.X (Built 20180122-0707)

Kradllit
Posts: 3
Joined: Tue Mar 20, 2012 2:50 pm


Post by Kradllit »

I have more than 15 1043 ND routers on Gargoyle. I think that the web interface is bad for copying rules from one router to another.

Kradllit
Posts: 3
Joined: Tue Mar 20, 2012 2:50 pm


Post by Kradllit »

My problem is solved.
I edited the rules in /etc/config/firewall

Example:

Code:

# rule_2: block URLs containing any of the listed social-network domains
config 'restriction_rule' 'rule_2'
        option 'is_ingress' '0'
        option 'description' 'socseti'
        option 'proto' 'both'
        option 'url_contains' '"vk.com","odnoklassniki.ru","facebook.com"'
        option 'enabled' '1'

# rule_1: for hosts outside 192.168.1.2-192.168.1.10, block URLs that do not contain a listed domain
config 'restriction_rule' 'rule_1'
        option 'is_ingress' '0'
        option 'description' 'whitelist'
        option 'not_local_addr' '192.168.1.2-192.168.1.10'
        option 'proto' 'both'
        option 'not_url_contains' '"google.com","ya.ru"'
        option 'enabled' '1'
And I have 2 groups of computers.
The first has static network settings and has access anywhere except social networks.
The second has DHCP network settings and has access only to google.com and ya.ru.

And I copy these rules to the other routers.
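
A lint pass that could be run on a hand-edited /etc/config/firewall before it is copied to other routers, as in the last post (an added example, not code from the thread or from Gargoyle). It assumes the single-quoted UCI style shown above; `lint_rules` and the sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: lint restriction_rule stanzas in a
# hand-edited firewall config before copying it to other routers.
# lint_rules FILE prints one line per problem; exit status is 1 if any were found.
lint_rules() {
    awk -v q="'" '
    function problem(msg) { printf "line %d: %s\n", NR, msg; bad++ }
    /^[ \t]*(#.*)?$/ { next }                 # skip blank lines and comments
    {
        n = split($0, part, q)                # n-1 = number of single quotes
        if ((n - 1) % 2) { problem("unbalanced single quote"); next }
    }
    $1 == "config" && part[4] != "" {         # named sections must be unique
        if (part[4] in seen) problem("duplicate section " part[4])
        seen[part[4]] = 1
    }
    $1 == "option" && part[2] ~ /^(not_)?url_contains$/ {
        # value must be a comma-separated list of "double-quoted" entries
        m = split(part[4], item, ",")
        for (i = 1; i <= m; i++)
            if (item[i] !~ /^"[^" ]+"$/)
                problem("bad entry in " part[2] ": " item[i])
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the url_contains value lacks its closing single quote and
# one not_url_contains entry lacks its double quotes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config 'restriction_rule' 'rule_2'
        option 'description' 'socseti'
        option 'url_contains' '"vk.com","facebook.com"
        option 'enabled' '1'

config 'restriction_rule' 'rule_1'
        option 'not_local_addr' '192.168.1.2-192.168.1.10'
        option 'not_url_contains' '"google.com",ya.ru'
        option 'enabled' '1'
EOF
lint_rules "$sample" || echo "fix the lines above before copying"
rm -f "$sample"
```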
