Hi. Not an expert at all when it comes to iptables, I had to google a lot so I decided to share my current iptables, maybe get some feedback, but the main point would be to make someone else out there spend less time looking for these rules. Especially the ones to block router access and only allow ssh/http access to one MAC address.
Here are the iptables. Copy and paste this under firewall/custom rules:
https://pastebin.com/AnQKQLrx
Now my question is: Would it be possible to allow access to the modem to one MAC address? Basically what I'm trying to achieve is being able to reset the router without having to go downstairs and wake up my family in the process. I'm using a script I took from the OpenWRT forums to change the MAC address on every reset, but I still need to unplug/plug the modem. If that's not possible, maybe there's another way?
I was thinking yesterday, what if we could configure a script (preferably it should be triggered before the router resets, so we save time: while the modem resets, the router resets too and gets a new MAC address) on the router to access the modem just to reboot it. I saw there's a plugin called ModemAccess (iirc). Yay or nay?
Anyways, here are the rules that I tried to allow access to the modem to one MAC address; needless to say, I didn't succeed.
Is it possible to allow only one MAC address to access the modem while blocking everyone else?
I've tried these:
iptables -A FORWARD 1 -d 192.168.100.1 -m mac --mac-source 11:AA:BB:CC:22:33 -j ACCEPT
iptables -A FORWARD 2 -d 192.168.100.1 -j ACCEPT
iptables -A FORWARD 3 -d 192.168.100.1 -j DROP
iptables -A FORWARD 1 -d 192.168.100.1 -j DROP
iptables -A FORWARD 2 -d 192.168.100.1 -m mac --mac-source 11:AA:BB:CC:22:33 -j ACCEPT
iptables -A FORWARD 3 -d 192.168.100.1 -j ACCEPT
iptables -I INPUT -d 192.168.100.1 -m mac ! --mac-source 11:AA:BB:CC:22:33 -j REJECT --reject-with tcp-reset
Well, that's pretty much it, sorry for the long post.
One thing I would like to see changing in the future is seeing more step-by-step tutorials on YouTube. I'm not criticizing at all, don't get me wrong! But for people with no experience like me that want to finally jump to OpenWRT after years using DD-WRT, those tutorials would help. I installed dnscrypt and the script for the MAC. If you guys are OK with it, I could make detailed YouTube tutorials to help people protect their routers. Something often overlooked.
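
One way to express the allow-one-MAC policy asked about above, as an added example that is not part of the original post: the script prints the two FORWARD rules in evaluation order and emulates first-match evaluation to show why the ACCEPT has to sit above the DROP. The function names and the second MAC address are made up for illustration; the modem IP and allowed MAC are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the post): prints the rules, does not apply them.
MODEM_IP="192.168.100.1"          # modem address as given in the post
ALLOWED_MAC="11:AA:BB:CC:22:33"   # sample MAC as given in the post

# valid_mac MAC: succeed only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# modem_rules MAC: print the two rules in evaluation order.
# LAN-to-modem traffic passes through the router, so it is seen by FORWARD;
# INPUT only sees packets addressed to the router itself.
# -I CHAIN N inserts at position N; -A only appends and takes no position.
modem_rules() {
    valid_mac "$1" || { echo "invalid MAC: $1" >&2; return 1; }
    echo "iptables -I FORWARD 1 -d $MODEM_IP -m mac --mac-source $1 -j ACCEPT"
    echo "iptables -I FORWARD 2 -d $MODEM_IP -j DROP"
}

# first_match RULES SRC_MAC: emulate first-match evaluation for a packet
# sent from SRC_MAC to the modem; prints the target of the first rule hit.
first_match() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    printf '%s\n' "$1" | while read -r line; do
        case "$line" in
            *--mac-source*)
                rule_mac=$(printf '%s\n' "$line" |
                    sed 's/.*--mac-source \([^ ]*\).*/\1/' | tr 'a-f' 'A-F')
                [ "$rule_mac" = "$want" ] || continue ;;
        esac
        printf '%s\n' "${line##*-j }"   # text after "-j " is the target
        break
    done
}

rules=$(modem_rules "$ALLOWED_MAC") || exit 1
printf '%s\n' "$rules"
echo "allowed host -> $(first_match "$rules" "$ALLOWED_MAC")"
echo "other host   -> $(first_match "$rules" "66:77:88:99:AA:BB")"  # constructed MAC
```

The mac match reads the source address of the Ethernet frame, so it only identifies hosts on the router's own LAN segment, and a client can set its own MAC address.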