openwrt 禁局域网内设备访问外网

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -I FORWARD -m mac --mac-source c4:9f:4c:10:54:9b -j DROP
iptables -I FORWARD -m mac --mac-source 20:39:56:5c:f4:57 -j DROP
iptables -I FORWARD -m mac --mac-source 60:21:01:9f:0d:83 -j DROP
iptables -I FORWARD -m mac --mac-source 14:bd:61:cc:aa:4c -j DROP
iptables -I FORWARD -m mac --mac-source 7c:76:68:e0:98:4c -j DROP
iptables -I FORWARD -m mac --mac-source 3c:b6:b7:f6:f7:d7 -j DROP
iptables -I FORWARD -m mac --mac-source 1c:40:e8:11:a1:10 -j DROP

发表评论

邮箱地址不会被公开。 必填项已用*标注