Allow Access to Specific Websites

Allow Access to Specific Websites main image Allow Access to Specific Websites image

In TelcOS Melaleuca you can restrict access to a list of web domains.  This feature is a great tool for kiosks or data sensitive applications.  Currently this is accomplished via the terminal by editing a couple of configuration files.  Here we will guide you through set up, showing you how to extend and customise this feature to your needs.
 

1. SSH into the device and use the vi text editor to create a new file

ssh root@192.168.1.1

Create and edit a new list of allowed sites:

vi /etc/allowed_sites.jail

2. Add the list of allowed sites to the file using following the formatting shown here, replacing telcoantennas.com.au and/or google.com.au with the site(s) you wish to allow.  Add as many sites as you would like, one per line.  Note: the final line containing server=/#/ is required.

server=/telcoantennas.com.au/#
server=/google.com/#
server=/kernel.org/#
server=/#/

3. Next, tell the T1's DNS server to use this file.  Add the following line to the bottom of the config dnsmasq section in /etc/config/dhcp

option serversfile '/etc/allowed_sites.jail'

4. Finally, in order to prevent clients from circumventing your policy by simply changing the DNS server on their devices, add the following firewall rules.  These rules will intercept DNS traffic and redirect it to the T1.  These can be added by navigating in the Web UI to Network > Firewall > Custom Rules and pasting them there then clicking Restart Firewall. Alternatively you may add these lines to /etc/firewall.user

iptables -t nat -A prerouting_rule -p udp --dport 53 -j REDIRECT
iptables -t nat -A prerouting_rule -p tcp --dport 53 -j REDIRECT


5. Once this is configured and saved, reboot the device to finalise the application of these policies.

You can now download a configuration file under System > Firmware and Backup > Download Configuration so that you can rapidly deploy the same configuration to other devices or restore from a backup.