Whitelisting Using OpenWrt

I would prefer to whitelist the IPs I want to allow rather than blacklist IPs and ports in the firewall.

Is there any way to easily do this using OpenWrt without resorting to command-line iptables?

Use an ipset?


What is an ipset? I don't see anything in the firewall options to whitelist anything. I just see ways of blocking things. I can't list every IP to block, and I don't see a way to put a range in.

Why doesn't OpenWrt just have a whitelist option menu where you can list the IPs you want and blacklist everything else by default?

On wireless you can use the MAC filter.

On the LAN network it is a bit harder, but not impossible.

In that case you log in to LuCI, go to firewall, click on traffic rule and then create one as follows:

Name: whitelist or <insert here>
Src: can be any zone or lan, this is your source zone
dest zone: wan or a vpn interface acting for wan.

And then this is where the magic comes in:

dest ip: !yourwhitelistedip
target/action: reject

The ! symbol indicates not/false, so basically this translates to: block anything to wan except the IP with !

With the target set to drop or reject: reject if you want users to be informed it was a firewall block, drop so it shows as a timeout.

Edit: I made an oopsie, I think.

Swap the dest IP with the src IP, because this is for internet, right? And not for client to client?

frollic did speak English - and was rather clear.

I hope this helps. If not, feel free to ask concise questions:

That's what an ipset is. BTW you can whitelist or blacklist.

Some info:

No hacking required.

I realized this was already discussed in a thread made by the OP here:

Given that the allow/block list discussion does appear to have happened in the thread that @lleachii referenced, I am going to close this thread (with a topic timer per below) -- discussion can continue on the other thread.

@carol.vagina - prior to the topic closing, please feel free to clarify if this is a different goal than the previous thread.
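
Added example, not part of any post in this thread and not OpenWrt code: a small Python model of first-match rule evaluation that compares the negated single-address reject rule described above with a negated set match (the ipset approach). The addresses are constructed documentation-range values, the function names are hypothetical, and the ACCEPT default for lan to wan forwarding is an assumption.

```python
import ipaddress

# Constructed sample allowlist (documentation ranges), not taken from the thread.
ALLOWED = ["203.0.113.10", "198.51.100.0/24"]
PROBES = ["203.0.113.10", "198.51.100.7", "192.0.2.55"]


def negated_ip_rule(allowed):
    """Model of 'dest ip: !x, action: reject': rejects every destination except x."""
    net = ipaddress.ip_network(allowed)
    return lambda dst: None if ipaddress.ip_address(dst) in net else "REJECT"


def negated_set_rule(entries):
    """Model of a negated set match: rejects destinations found in none of the entries."""
    nets = [ipaddress.ip_network(e) for e in entries]
    return lambda dst: (
        None if any(ipaddress.ip_address(dst) in n for n in nets) else "REJECT"
    )


def evaluate(rules, dst, default="ACCEPT"):
    """First rule that matches decides; otherwise the zone default applies.
    The ACCEPT default for lan -> wan forwarding is an assumption."""
    for rule in rules:
        verdict = rule(dst)
        if verdict is not None:
            return verdict
    return default


def verdicts(rules):
    """Verdict for each constructed probe destination."""
    return {dst: evaluate(rules, dst) for dst in PROBES}


# One negated rule: works, but only for a single address or range.
single = [negated_ip_rule(ALLOWED[0])]
# One negated rule per allowed entry: the first rule already rejects
# everything the second was meant to allow, so nothing gets through.
stacked = [negated_ip_rule(a) for a in ALLOWED]
# One rule with a negated set: every allowed entry passes, the rest is rejected.
with_set = [negated_set_rule(ALLOWED)]

if __name__ == "__main__":
    for name, rules in (("single", single), ("stacked", stacked), ("set", with_set)):
        print(f"{name:8}", verdicts(rules))
```

The stacked case is the reason a set is needed as soon as the allowlist holds more than one address or range.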


