I wanted to make a white list using the settings below.
iptables -N wanout
iptables -I FORWARD -i `nvram get lan_ifname` -j wanout
iptables -I wanout -m mac --mac-source 01:26:f7:46:71:4b -j ACCEPT
iptables -I wanout -m mac --mac-source d2:37:b5:f2:39:f3 -j ACCEPT
iptables -I wanout -d gamepedia.com -j ACCEPT
iptables -I wanout -d toysrus.com -j ACCEPT
iptables -A wanout -j REJECT --reject-with icmp-proto-unreachable
So the boxes with the MACs specified are exempt from blocking. The domains "gamepedia.com" and "toysrus.com" are accessible to all.
But the problem is that those domains pull stuff in from other domains using or something, which makes iptables block the website from finishing loading.
How do I deal with that in the best way? I don't want to look up everything they pull in and white list that as well. Also it might change.
Isn't there a way to say "accept all from this domain, even unrelated stuff"?
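
Why the pages stall, shown as an added example that is not part of the original post: a small Python model of the wanout chain above, evaluated first-match. It assumes constructed documentation-range IPs, a constructed client MAC and a hypothetical third-party host cdn.example.net.

```python
# Added illustration: a constructed model of the wanout chain from the post.
# All IPs are documentation-range values and cdn.example.net is hypothetical.
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed DNS answers at the moment the rules were inserted.
DNS_AT_INSERT = {"gamepedia.com": {"192.0.2.10"}, "toysrus.com": {"192.0.2.20"}}

@dataclass(frozen=True)
class Rule:
    target: str
    mac: Optional[str] = None             # -m mac --mac-source
    dst: Optional[FrozenSet[str]] = None  # -d, already reduced to addresses

def dest_rule(host: str) -> Rule:
    # iptables resolves the name once, when the rule is added, and keeps only
    # the resulting addresses (one rule per address; a set models that here).
    return Rule("ACCEPT", dst=frozenset(DNS_AT_INSERT[host]))

def build_wanout() -> list:
    chain = []
    # -I puts each rule at the top, so the final order is the reverse of the
    # command order; -A puts the REJECT at the bottom.
    chain.insert(0, Rule("ACCEPT", mac="01:26:f7:46:71:4b"))
    chain.insert(0, Rule("ACCEPT", mac="d2:37:b5:f2:39:f3"))
    chain.insert(0, dest_rule("gamepedia.com"))
    chain.insert(0, dest_rule("toysrus.com"))
    chain.append(Rule("REJECT"))
    return chain

def verdict(chain, src_mac: str, dst_ip: str) -> str:
    # First matching rule wins; a rule matches only if every set field matches.
    for rule in chain:
        if rule.mac is not None and rule.mac != src_mac.lower():
            continue
        if rule.dst is not None and dst_ip not in rule.dst:
            continue
        return rule.target
    return "RETURN"

def page_load(chain, src_mac: str, fetches: dict) -> dict:
    # fetches maps each host the page needs to the address it resolves to now.
    return {host: verdict(chain, src_mac, ip) for host, ip in fetches.items()}

if __name__ == "__main__":
    kid_pc = "aa:bb:cc:dd:ee:01"  # constructed MAC, not on the exempt list
    fetches = {"gamepedia.com": "192.0.2.10", "cdn.example.net": "198.51.100.7"}
    print(page_load(build_wanout(), kid_pc, fetches))
```

The chain only ever sees addresses, so it cannot tell which page caused a fetch, and a whitelisted name that later resolves to a new address is rejected as well.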