iptables配置文件
屏蔽局域网MAC地址
iptables -I FORWARD -m mac --mac-source B0:A3:7E:17:8C:6B -j DROP
iptables -I FORWARD -m mac --mac-source 54:E4:BD:2F:26:67 -j DROP
屏蔽局域网访问外网特定网站
iptables -I FORWARD -d tms.can.cibntv.net -j DROP
iptables的配置文件在/etc/firewall.user 这个文件里面
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
iptables -I FORWARD -m mac --mac-source B0:A3:7E:17:8C:6B -j DROP
iptables -I FORWARD -m mac --mac-source 54:E4:BD:2F:26:67 -j DROP
iptables -I FORWARD -d tms.can.cibntv.net -j DROP
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
可以把上面的内容加入中间
具体iptables的用法网络上一堆。