Hi, YouTube use SSL. So you can't match strings inside the packet, it is encrypted. Best regards, On Mon, May 4, 2020, 15:40 Sơn Đỗ <sondd1096@xxxxxxxxx> wrote: > I have a Linux router and using iptables 1.4 to configure the firewall. > > And I want to permit a device to access a certain website with a > domain name and block other websites. So I have use some cmds in > iptables below: > > > > iptables -N allow_chain > iptables -A FORWARD -j allow_chain > iptables -A allow_chain -m mac --mac-source 11:22:33:44:55:66 -m > string --algo bm --string youtube -j ACCEPT > iptables -A allow_chain -m mac --mac-source 11:22:33:44:55:66 -j DROP > > > In this case, I want computer with MAC address 11:22:33:44:55:66 > connected to my Linux router can only access the youtube . But the > result was not my expectation, after I apply those rules , my computer > cannot access to youtube and other web also, it drop all internet > connection . In my understanding, the rule with ACCEPT target was not > apply even the package match with the condition, and all packages are > handled in the rule with DROP target. > > So is there any thing wrong with my cmd? What was the problem ? > > Please help me, Thanks. >
