Hello,
This seems like an interesting issue to help solve.
Perhaps you could put the IP addresses you'd like to block into a TXT file and attach it to your original post?
I believe the cleanest option here would be to put that file into a certain directory on the router itself and then by sending a command via JSON-RPC create new firewall rules to block access for those clients. Then by sending another command, these rules could be deleted from the firewall. However, if these IP addresses rarely or never change, then it's probably not worth all this work.
Another option could be to simply create those rules by sending a JSON-RPC request to the router with all of the IP addresses that need to be denied access to the WAN. Then they can be enabled/disabled as you wish using a custom script on the router.
The options needed to create such a rule are:
uci add firewall rule
uci set firewall.@rule[-1].name='Blocked'
uci set firewall.@rule[-1].priority='16'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].target='DROP'
uci set firewall.@rule[-1].utc_time='0'
uci set firewall.@rule[-1].enabled='1'
uci set firewall.@rule[-1].dest_ip='xxx.xxx.xxx.xxx'
uci add_list firewall.@rule[-1].dest_ip='yyy.yyy.yyy.yyy'
uci add_list firewall.@rule[-1].dest_ip='zzz.zzz.zzz.zzz'
.
.
.
uci commit firewall
/etc/init.d/firewall restart
When the rule is created, it can be disabled using the command:
uci set firewall.@rule[-1].enabled='0'
And enabled:
uci set firewall.@rule[-1].enabled='1'
Hope this helps!
Best regards,
DaumantasG
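
The rule creation and toggling described in the post above, as an added example that is not part of the original post: it validates every address from the list file before it reaches a `uci` command, and toggles the rule by name rather than by `[-1]`. The function names are hypothetical, and `gen_toggle` assumes `uci show firewall` lists anonymous rules as `firewall.@rule[N].name='...'`.

```shell
#!/bin/sh
# Added example, not from the original post. It only prints uci commands.
# is_ipv4 ADDR: succeed only for four decimal octets in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_name NAME: keep names to characters that are safe inside the single
# quotes of a uci command and inside the sed pattern in gen_toggle.
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# gen_block_rule NAME: one address per line on stdin; blank lines and '#'
# comments are ignored. Any invalid entry aborts before a rule is printed.
gen_block_rule() {
    valid_name "$1" || return 2
    list=
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "$line" | tr -d ' \t\r')
        case "$ip" in ''|'#'*) continue ;; esac
        is_ipv4 "$ip" || { echo "invalid entry: $ip" >&2; return 1; }
        list="$list $ip"
    done
    [ -n "$list" ] || return 1
    echo "uci add firewall rule"
    for opt in "name='$1'" "priority='16'" "src='lan'" "dest='wan'" \
               "proto='all'" "target='DROP'" "utc_time='0'" "enabled='1'"; do
        echo "uci set firewall.@rule[-1].$opt"
    done
    for ip in $list; do   # add_list creates the list on first use
        echo "uci add_list firewall.@rule[-1].dest_ip='$ip'"
    done
    echo "uci commit firewall"
    echo "/etc/init.d/firewall restart"
}

# gen_toggle NAME 0|1: read `uci show firewall` output on stdin and address the
# rule by name; [-1] only means "last rule", which may not be this one later.
gen_toggle() {
    valid_name "$1" || return 2
    case "$2" in 0|1) ;; *) return 2 ;; esac
    sed -n "s/^\(firewall\.@rule\[[0-9]*]\)\.name='$1'\$/uci set \1.enabled='$2'/p"
}
```

On the router, `gen_block_rule Blocked < blocklist.txt` (a hypothetical file name) prints the commands for review before they are run, and `uci show firewall | gen_toggle Blocked 0` prints the disable command, which still needs `uci commit firewall` and a firewall restart to take effect.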