I have a Linux router and am using iptables 1.4 to configure the firewall. I want to permit a device to access a certain website by domain name and block other websites. So I have used some commands in iptables, below:

    iptables -N allow_chain
    iptables -A FORWARD -j allow_chain
    iptables -A allow_chain -m mac --mac-source 11:22:33:44:55:66 -m string --algo bm --string youtube -j ACCEPT
    iptables -A allow_chain -m mac --mac-source 11:22:33:44:55:66 -j DROP

In this case, I want the computer with MAC address 11:22:33:44:55:66 connected to my Linux router to be able to access only YouTube. But the result was not what I expected: after I apply those rules, my computer cannot access YouTube or other websites either; it drops all internet connections.

In my understanding, the rule with the ACCEPT target was not applied even when the packet matched the condition, and all packets are handled by the rule with the DROP target. So is there anything wrong with my commands? What was the problem? Please help me. Thanks.
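An added example, not part of the original post: a simplified Python model of the two allow_chain rules, evaluated once per packet the way netfilter walks a chain, run over a constructed connection attempt. `Packet`, `allow_chain`, `verdicts` and the sample packets are hypothetical names and data; the model assumes the string match sees only the bytes of the single packet being evaluated.

```python
# Simplified model (not iptables itself) of the allow_chain rules from the post.
# Each packet is judged on its own, top to bottom, with no memory of earlier packets.
from dataclasses import dataclass

DEVICE_MAC = "11:22:33:44:55:66"    # --mac-source value from the post
PATTERN = b"youtube"                # --string value from the post

@dataclass
class Packet:
    src_mac: str
    desc: str
    data: bytes = b""               # packet bytes visible to the string match

def allow_chain(pkt: Packet) -> str:
    """Return the verdict the two rules give a single packet."""
    # Rule 1: -m mac --mac-source ... -m string --algo bm --string youtube -j ACCEPT
    if pkt.src_mac == DEVICE_MAC and PATTERN in pkt.data:
        return "ACCEPT"
    # Rule 2: -m mac --mac-source ... -j DROP
    if pkt.src_mac == DEVICE_MAC:
        return "DROP"
    # Neither rule matched: control returns to the FORWARD chain.
    return "RETURN"

def verdicts(packets):
    """Evaluate every packet independently, in order."""
    return [(p.desc, allow_chain(p)) for p in packets]

# Constructed sample: one HTTPS connection attempt from the restricted device,
# plus a reply whose source MAC is not the device's (placeholder upstream MAC).
SAMPLE = [
    Packet(DEVICE_MAC, "TCP SYN (no payload)"),
    Packet("aa:bb:cc:dd:ee:ff", "TCP SYN-ACK reply from upstream"),
    Packet(DEVICE_MAC, "TCP ACK (no payload)"),
    Packet(DEVICE_MAC, "TLS ClientHello with SNI",
           b"\x16\x03\x01" + b"\x00" * 8 + b"www.youtube.com"),
    Packet(DEVICE_MAC, "TLS application data (encrypted)",
           b"\x17\x03\x03" + bytes(32)),
]

if __name__ == "__main__":
    for desc, verdict in verdicts(SAMPLE):
        print(f"{verdict:7} {desc}")
```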