adbyby启动后,会缺省打开一条nat PREROUTING规则:
root@K2:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_REMOTE tcp — anywhere anywhere
port_forward_nat all — anywhere anywhere
delegate_prerouting all — anywhere anywhere
REDIRECT tcp — anywhere anywhere tcp dpt:www redir ports 8118
将所有访问80端口的流量转发到adbyby监听的8118端口,然后由adbyby来转发相应的上网请求
K2设备管理的语句为(使用mangle 表的FORWARD控制):
iptables -t mangle -w -A limit_chain -m mac –mac-source xx:xx:xx:xx:xx:xx -j DROP
Chain FORWARD (policy ACCEPT)
target prot opt source destination
limit_chain all — anywhere anywhere
Chain limit_chain (1 references)
target prot opt source destination
DROP all — anywhere anywhere xx:xx:xx:xx:xx:xx
家长控制的语句为(使用filter 表的FORWARD控制):
iptables -t filter -w -I FORWARD -j parent_control
Chain FORWARD (policy DROP)
target prot opt source destination
parent_control all — anywhere anywhere
Chain parent_control (1 references)
target prot opt source destination
REJECT all — anywhere anywhere xx:xx:xx:xx:xx:xx TIME from 08:00:00 to 18:00:00 reject-with icmp-
port-unreachable
根据下图的报文转发流程:
报文在前段就被adbyby截住了,所以后面的过滤规则失效,禁止设备通过adbyby通道逃出升天!