Code:
ACCEPT loc net UDP 53,123
ACCEPT loc net TCP 21,80,443
With that, the internal machines may use DNS, NTP, HTTP(S) and FTP from the net.
Mail would additionally need TCP 25, 465, 587, 143, 110 and 995, depending on the SMTP/POP/IMAP variants used.
Your original config is really meant for reaching the web services through a proxy,
with which blocking/allowing websites/domains is usually easier to implement than with netfilter rules.
Example:
Code:
$ host facebook.de
facebook.de has address 69.171.242.11
facebook.de has address 66.220.149.11
facebook.de has address 66.220.158.11
facebook.de has address 69.171.224.11
facebook.de has address 69.171.229.11
These addresses also change over time and would then have to be set anew as netfilter rules.
With the proxy you simply forbid 'facebook.de'.
Perhaps wildcards like 'facebook.*' even work, to deny "tricksters" e.g. facebook.co.uk right away too.
Code:
$ apt-cache search firewall | sort | grep -i fire
apf-firewall - easy iptables based firewall system
arno-iptables-firewall - single- and multi-homed firewall script with DSL/ADSL support
dante-client - SOCKS wrapper for users behind a firewall
dtc-xen-firewall - A small firewall script for your dom0
ferm - maintain and setup complicated firewall rules
fiaif - An easy to use, yet complex firewall
filtergen - packet filter generator for various firewall systems
firehol - An easy to use but powerful iptables stateful firewall
firestarter - gtk program for managing and observing your firewall
fwanalog - firewall log-file report generator (using analog)
fwbuilder - Firewall administration tool GUI
fwbuilder-common - Firewall administration tool GUI (common files)
fwbuilder-dbg - Firewall administration tool GUI (debugging symbols)
fwbuilder-doc - Firewall administration tool GUI documentation
fwknop-client - FireWall KNock OPerator client side
fwknop-server - FireWall KNock OPerator server side
fwlogwatch - Firewall log analyzer
gpe-shield - firewall configuration for GPE
guarddog - firewall configuration utility for KDE
ipkungfu - iptables-based Linux firewall
kmyfirewall - iptables based firewall configuration tool for KDE
libfwbuilder-dev - Firewall Builder API library development files
libfwbuilder8 - Firewall Builder API library
libfwbuilder8-dbg - Firewall Builder API library (debugging version)
libglacier2-33 - Libraries implementing a firewall service for ZeroC Ice
libiptables-parse-perl - Perl extension for parsing iptables firewall rulesets
libnuclient-dev - The authenticating firewall [client development files]
libnuclient4 - The authenticating firewall [client library]
libnussl-dev - The authenticating firewall [SSL development files]
libnussl1 - The authenticating firewall [SSL library]
libpam-nufw - The authenticating firewall [PAM module]
libwfnetobjs0-dev - The WallFire modular firewalling application library - development files
libwfnetobjs0c2 - The WallFire modular firewalling application library - runtime files
mason - Interactively creates a Linux packet filtering firewall
netscript-2.4 - Linux 2.4/2.6 router/firewall/VM host network config. system.
netscript-2.4-upstart - Linux 2.4/2.6 router/firewall/VM host network config. system.
nuauth - The authenticating firewall [authentication daemon]
nuauth-extra - The authenticating firewall [extra modules]
nuauth-log-mysql - The authenticating firewall [MySQL log module]
nuauth-log-pgsql - The authenticating firewall [PostgreSQL log module]
nuauth-utils - The authenticating firewall [tools for admin]
nufw - The authenticating firewall [NFQUEUE daemon]
nulog - Graphical firewall log analysis interface
nutcpc - The authenticating firewall [client]
pyroman - Very fast firewall configuration tool
shorewall - Shoreline Firewall, netfilter configurator
shorewall-common - Shoreline Firewall, netfilter configurator - transition package
shorewall-doc - documentation for Shoreline Firewall (Shorewall)
shorewall-perl - Shoreline Firewall, netfilter configurator - transition package
shorewall-shell - Shoreline Firewall, netfilter configurator - transition package
shorewall6 - Shoreline Firewall (IPv6 version), netfilter configurator
socks4-server - SOCKS4 server for proxying IP-based services over a firewall
ufw - program for managing a Netfilter firewall
uif - Advanced iptables-firewall script
uruk - Very small firewall script, for configuring iptables
zorp - An advanced protocol analyzing firewall
Somewhere in that list there was also a generator with a script
that simply asks you step by step and builds an initial rule set that way.
The starting set above is so trivial that it actually makes itself obsolete.
The firewall of your WLAN router probably does that too.
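To make the two points of the post concrete (what the ACCEPT lines plus the mail ports actually let through, and why an IP-based block for a domain drifts), here is an added Python example. It is not code from the post or from Shorewall itself: it is a toy evaluator that assumes the rules-file columns ACTION SOURCE DEST PROTO DPORT, first-match-wins semantics and a DROP policy for everything unmatched; the DNS snapshots are constructed (a subset of the addresses shown above and a hypothetical later answer with one address swapped), not live lookups.

```python
"""Added example (not from the forum post): a toy evaluator for Shorewall-style
rules and a check for the IP-drift problem the post describes.

Assumptions (hypothetical, not Shorewall's own code): rules use the columns
ACTION SOURCE DEST PROTO DPORT, the first matching rule wins, and unmatched
traffic falls back to the zone policy (DROP here)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str          # e.g. ACCEPT, DROP, REJECT
    source: str          # zone name, e.g. loc
    dest: str            # zone name, e.g. net
    proto: str           # 'tcp', 'udp' or 'any'
    ports: frozenset     # destination ports; empty set means any port


def parse_rules(text):
    """Parse rules-file lines like 'ACCEPT loc net UDP 53,123'."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed rule: {raw!r}")
        action, src, dst = fields[:3]
        proto = "any"
        if len(fields) > 3 and fields[3] != "-":
            proto = fields[3].lower()
        ports = frozenset()
        if len(fields) > 4 and fields[4] != "-":
            ports = frozenset(int(p) for p in fields[4].split(","))
        rules.append(Rule(action.upper(), src, dst, proto, ports))
    return rules


def evaluate(rules, src_zone, dst_zone, proto, port, policy="DROP"):
    """Return the action for a connection: first matching rule wins, else the policy."""
    for r in rules:
        if (r.source, r.dest) != (src_zone, dst_zone):
            continue
        if r.proto != "any" and r.proto != proto.lower():
            continue
        if r.ports and port not in r.ports:
            continue
        return r.action
    return policy


# Constructed rules file in the format of the post's snippet, with the mail
# ports the post lists added as a third line.
RULES_TEXT = """
ACCEPT loc net UDP 53,123
ACCEPT loc net TCP 21,80,443
ACCEPT loc net TCP 25,465,587,143,110,995   # SMTP/SMTPS/submission, IMAP, POP3, POP3S
"""
RULES = parse_rules(RULES_TEXT)


def blocklist_drift(blocked_ips, current_ips):
    """Compare an IP block list with the addresses a name currently resolves to.

    Returns (stale, missing): stale = blocked but no longer in use,
    missing = in use but not blocked, i.e. traffic that now slips through."""
    blocked, current = set(blocked_ips), set(current_ips)
    return blocked - current, current - blocked


# Constructed snapshots: a subset of the addresses shown in the post, then a
# hypothetical later answer with one address swapped, to show why an IP-based
# block list for a domain needs constant maintenance.
BLOCKED_DAY1 = {"69.171.242.11", "66.220.149.11", "66.220.158.11"}
RESOLVED_LATER = {"66.220.149.11", "66.220.158.11", "69.171.224.11"}


if __name__ == "__main__":
    for proto, port in (("tcp", 443), ("tcp", 22), ("udp", 80), ("tcp", 587)):
        print(f"loc -> net {proto}/{port}: {evaluate(RULES, 'loc', 'net', proto, port)}")
    stale, missing = blocklist_drift(BLOCKED_DAY1, RESOLVED_LATER)
    print("stale entries:", sorted(stale), "unblocked addresses:", sorted(missing))
```

Running it shows that only the listed destination ports from loc to net are accepted (tcp/22 and udp/80 fall back to DROP, as does anything from net to loc), and that one day-to-day change in the resolved addresses already leaves one stale block entry and one address that is not blocked at all, which is the maintenance burden a proxy rule on the domain name avoids.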