K2: Device Management and Parental Control Cannot Block Devices After adbyby Starts

After adbyby starts, it adds a nat PREROUTING rule by default:

root@K2:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target              prot opt source    destination
PREROUTING_REMOTE   tcp  --  anywhere  anywhere
port_forward_nat    all  --  anywhere  anywhere
delegate_prerouting all  --  anywhere  anywhere
REDIRECT            tcp  --  anywhere  anywhere  tcp dpt:www redir ports 8118

This rule redirects all traffic destined for port 80 to port 8118, where adbyby listens; adbyby then forwards the corresponding web requests itself.

 

The K2 device management rule is (enforced in the FORWARD chain of the mangle table):

iptables -t mangle -w -A limit_chain -m mac --mac-source xx:xx:xx:xx:xx:xx -j DROP

Chain FORWARD (policy ACCEPT)
target      prot opt source    destination
limit_chain all  --  anywhere  anywhere

Chain limit_chain (1 references)
target      prot opt source    destination
DROP        all  --  anywhere  anywhere  xx:xx:xx:xx:xx:xx

The parental control rule is (enforced in the FORWARD chain of the filter table):

iptables -t filter -w -I FORWARD -j parent_control

Chain FORWARD (policy DROP)
target         prot opt source    destination
parent_control all  --  anywhere  anywhere

Chain parent_control (1 references)
target         prot opt source    destination
REJECT         all  --  anywhere  anywhere  xx:xx:xx:xx:xx:xx  TIME from 08:00:00 to 18:00:00 reject-with icmp-port-unreachable

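According to the packet forwarding flow shown in the figure below:

[Figure: packet forwarding flow]

The packet is intercepted by adbyby at the earlier stage, so the later filter rules never take effect. The REDIRECT in nat PREROUTING rewrites the destination to the router itself (port 8118), so the packet is delivered to adbyby through INPUT and never traverses the FORWARD chains where limit_chain and parent_control are attached. A device that is supposed to be blocked escapes through the adbyby channel!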
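
One way to close this gap, as an added example that is not part of the original post or of the K2 firmware: mirror every MAC-based DROP/REJECT rule onto the INPUT chain of the same table, restricted to the redirect port, so redirected packets hit the same block. It generalizes beyond the two rules above by keeping any extra matches (such as the time window) intact. The function names, the iptables-save style input and the sample MAC addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: mirror MAC-based FORWARD blocks onto INPUT for the proxy port.
# Reads iptables-save text on stdin; prints iptables commands, runs nothing.
mirror_blocks() {
    awk '
    /^\*/ { table = substr($0, 2); next }   # table header: *nat, *mangle, *filter
    # REDIRECT rules in nat PREROUTING reveal the local proxy port (8118 here).
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" && /-j REDIRECT/ {
        for (i = 3; i < NF; i++) if ($i == "--to-ports") ports[$(i + 1)] = 1
        next
    }
    # MAC-matched DROP/REJECT rules outside INPUT never see redirected packets.
    $1 == "-A" && $2 != "INPUT" && /--mac-source/ && /-j (DROP|REJECT)/ {
        rest = $0
        sub(/^-A [^ ]+ /, "", rest)         # keep matches and target, drop chain
        blocks[++n] = table SUBSEP rest
    }
    END {
        for (p in ports) for (k = 1; k <= n; k++) {
            split(blocks[k], b, SUBSEP)
            printf "iptables -t %s -w -I INPUT -p tcp --dport %s %s\n", b[1], p, b[2]
        }
    }'
}

# Constructed sample ruleset (MACs and the time-match options are made up).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8118
COMMIT
*mangle
:limit_chain - [0:0]
-A FORWARD -j limit_chain
-A limit_chain -m mac --mac-source 02:00:00:00:00:01 -j DROP
COMMIT
*filter
:parent_control - [0:0]
-A FORWARD -j parent_control
-A parent_control -m mac --mac-source 02:00:00:00:00:02 -m time --timestart 08:00:00 --timestop 18:00:00 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

sample_ruleset | mirror_blocks
```

On the router, assuming the firmware ships iptables-save, pipe its output into mirror_blocks and review the printed commands before applying them.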
