OpenWrt Forum Archive

Topic: IPTables - Not Allow Outgoing Port 80

The content of this topic has been archived on 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I want to disallow all port 80 requests from 192.168.1.100.  All other LAN IPs have full access.

Would someone respond with the iptables command?

Thanks,
Perry

http://iptables-tutorial.frozentux.net/ … orial.html

Seriously, you should read this because otherwise you'll get some advice which only makes you think of more questions to ask.  Rather than that happening, this document is a one-stop shop.

I tried:
iptables -A OUTPUT -s 192.168.1.100 -j DROP -p tcp --destination-port 80

iptables -L results in:
.
.
.
Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
output_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
DROP       tcp  --  192.168.1.100        anywhere            tcp dpt:80
.
.
.

However, 192.168.1.100 can browse the internet without any trouble.

Any suggestions?

The following seems to work:

1) Create a file in /etc/init.d/ named S70myscriptname.
2) chmod 755 /etc/init.d/S70myscriptname
3) Add:  iptables -I forwarding_rule -s 192.168.1.100 -j DROP -p tcp --destination-port 80 -m state --state NEW,ESTABLISHED
to the script.
4) Reboot the router to confirm.
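Added example, not part of the original posts: iptables evaluates a chain top-down and stops at the first terminal match, so the rule appended with -A in the listing above sits behind an unqualified ACCEPT and is never reached, whereas -I places a rule at the head of its chain. OUTPUT also only sees packets generated by the router itself, while traffic from LAN hosts is forwarded, which is why the working rule goes in forwarding_rule. The script below flags rules shadowed this way in `iptables -L` output; the function names are this example's own, the sample is the OUTPUT listing as posted, and because plain `-L` hides interface matches a hit should be confirmed with `iptables -L -v`.

```shell
#!/bin/sh
# Added example: report rules in an `iptables -L` listing that follow an
# unconditional ACCEPT/DROP/REJECT in the same chain and so can never match.

# Constructed sample: the OUTPUT chain as posted in the thread above.
sample_listing() {
cat <<'EOF'
Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
output_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
DROP       tcp  --  192.168.1.100        anywhere            tcp dpt:80
EOF
}

# Reads a listing on stdin and prints "chain<TAB>rule number<TAB>rule" for each
# shadowed rule. Heuristic: a catch-all is a terminal target with protocol
# "all", any source, any destination and no further match shown.
find_shadowed() {
    awk '
    function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
    $1 == "Chain" { chain = $2; n = 0; blocked = 0; next }
    $1 == "target" || NF < 5 { next }        # header, blank and filler lines
    {
        n++
        if (blocked) { printf "%s\t%d\t%s\n", chain, n, $0; next }
        # Fields past the destination are extra matches (state, dpt, ...);
        # "reject-with <type>" is a target option, not a match.
        extra = (NF > 5)
        if ($1 == "REJECT" && NF == 7 && $6 == "reject-with") extra = 0
        if ($1 ~ /^(ACCEPT|DROP|REJECT)$/ && $2 == "all" && any($4) && any($5) && !extra)
            blocked = 1
    }'
}

sample_listing | find_shadowed
```

On a router the same check can be fed live output with `iptables -L | find_shadowed`.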
