String based iptables filtering - OpenWrt Forum
forum.openwrt.org › t › string-based-iptablesNov 03, 2019 · root@OpenWrt:~# iptables --list-rules | grep facebook -A FORWARD -m string --string "facebook.com" --algo bm --to 65535 -j DROP root@OpenWrt:~# iptables --list-rules -P INPUT ACCEPT -P FORWARD DROP -P OUTPUT ACCEPT -N forwarding_lan_rule -N forwarding_rule -N forwarding_wan_rule -N input_lan_rule -N input_rule -N input_wan_rule -N output_lan_rule -N output_rule -N output_wan_rule -N reject -N ...
OpenWRT firewall configuration (pole route) - Programmer All
https://programmerall.com/article/867815956423, UCI is the standard of openwrt unified profile, I really don't like this syntax, no iptables come clear. 4, OpenWRT is based on FireWall configuration, because there are many network ports, there are WAN and LANs, eventually convert to a lot of custom chains, it seems to be very hard, my suggestion is all on the firewall layer, then Use iptables to do restrictions.
[OpenWrt Wiki] Netfilter In OpenWrt
openwrt.org › netfilter_iptables › netfilter_openwrtNetfilter In OpenWrt The purpose of this section is to briefly describe the netfilter/iptables subsystem and then delve into OpenWrt specifics. netfilter rules require a fine level of granularity to tune packet filtering. This can cause undesirable scenarios when many rules are matching on similar packets. Be careful using the iptable application!