adbyby启动后，会缺省打开一条nat PREROUTING规则：

root@K2:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_REMOTE tcp — anywhere anywhere
port_forward_nat all — anywhere anywhere
delegate_prerouting all — anywhere anywhere
REDIRECT tcp — anywhere anywhere tcp dpt:www redir ports 8118

将所有访问80端口的流量转发到adbyby监听的8118端口，然后由adbyby来转发相应的上网请求

K2设备管理的语句为（使用mangle 表的FORWARD控制）：

iptables -t mangle -w -A limit_chain -m mac –mac-source xx:xx:xx:xx:xx:xx -j DROP

Chain FORWARD (policy ACCEPT)
target prot opt source destination
limit_chain all — anywhere anywhere

Chain limit_chain (1 references)
target prot opt source destination
DROP all — anywhere anywhere xx:xx:xx:xx:xx:xx

家长控制的语句为（使用filter 表的FORWARD控制）：

iptables -t filter -w -I FORWARD -j parent_control

Chain FORWARD (policy DROP)
target prot opt source destination
parent_control all — anywhere anywhere

Chain parent_control (1 references)

target prot opt source destination
REJECT all — anywhere anywhere xx:xx:xx:xx:xx:xx  TIME from 08:00:00 to 18:00:00 reject-with icmp-
port-unreachable

根据下图的报文转发流程：

报文在前段就被adbyby截住了，所以后面的过滤规则失效，禁止设备通过adbyby通道逃出升天！