主页 > 路由器 > K2 adbyby启动后设备管理和家长控制无法禁止问题

K2 adbyby启动后设备管理和家长控制无法禁止问题

adbyby启动后,会缺省打开一条nat PREROUTING规则

root@K2:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_REMOTE tcp -- anywhere anywhere
port_forward_nat all -- anywhere anywhere
delegate_prerouting all -- anywhere anywhere
REDIRECT tcp -- anywhere anywhere tcp dpt:www redir ports 8118

将所有访问80端口的流量转发到adbyby监听的8118端口,然后由adbyby来转发相应的上网请求

 

K2设备管理的语句为(使用mangle 表的FORWARD控制):

iptables -t mangle -w -A limit_chain -m mac --mac-source xx:xx:xx:xx:xx:xx -j DROP

Chain FORWARD (policy ACCEPT)
target prot opt source destination
limit_chain all -- anywhere anywhere

Chain limit_chain (1 references)
target prot opt source destination
DROP all -- anywhere anywhere xx:xx:xx:xx:xx:xx

家长控制的语句为(使用filter 表的FORWARD控制):

iptables -t filter -w -I FORWARD -j parent_control

Chain FORWARD (policy DROP)
target prot opt source destination
parent_control all -- anywhere anywhere

Chain parent_control (1 references)

target prot opt source destination
REJECT all -- anywhere anywhere xx:xx:xx:xx:xx:xx  TIME from 08:00:00 to 18:00:00 reject-with icmp-
port-unreachable

根据下图的报文转发流程:
316
报文在前段就被adbyby截住了,所以后面的过滤规则失效,禁止设备通过adbyby通道逃出升天!

 

 

如果本文对你有帮助,请打赏作者,鼓励我们继续写作!

发表评论

电子邮件地址不会被公开。 必填项已用*标注