Access Restrictionsallows you to create a set of rules that govern internet access to machines on your network. You can create rules that govern access by individual IP or MAC address, IP address range, time-of-day, traffic type, URL and keywords, etc.

You can create up to 10 sets of rules, with each set of rules being referred to as apolicy. A policy can contain multiple individual rules, such as filtering a specific machine access to a particular web site, and/or filtering access to certain unwanted P2P protocols.

Remember that all policies will be used (this is different than in factory Linksys firmware where only the first matched is used)!For example, if policy #1 is aDenypolicy that restricts all internet access to a machine on your LAN, that machine will no longer be able to access the Internet, regardless of any Filter policies you might have.Note: The term "Filter" is erroneously labeled as "Allow" in earlier versions of DD-WRT firmware. This is the main source of confusion when dealing with access restrictions in DD-WRT. See Eko's forum post for more information.

TheFilteroption is used to block access to web sites, services, or keywords. However, it does not block internet altogether like the "Deny" option does. Nor does it allow internet access during times that a Deny policy denies it.

If you will notice, when you click the "Deny" button (instead of the Filter button), those extra options at the bottom of the page get greyed out (at least in newer dd-wrt versions). This is because filtering a web site, service, etc. in a Deny policy is pointless since the machines in the policy would be denied internet access anyway!

[edit]Denying Internet Access

1. Select an unused policy number (1-10) in the drop-down menu.
2. Enable your policy by settingStatustoEnable.
3. Enter a name for your policy in thePolicy Namefield.Ex."Deny Internet"
4. Click theEdit List of clientsbutton.
5. On theList of clientsscreen, specify clients by IP address or MAC address. Enter the appropriate IP addresses into theIPfields. If you have a range of IP addresses to filter, complete the appropriateIP Rangefields. Enter the appropriate MAC addresses into theMACfields.
6. Click theSaveandApplybuttons to save your changes. Click theClosebutton to return to theAccess Restrictionsscreen.
7. Click the radio button next toDenyInternet access for listed clients during selected days and hours.
8. Set the days when internet access will be denied. SelectEverydayor the appropriate days of the week.
9. Set the time when internet access will be denied. Select24 Hours, or check the box next toFromand use the drop-down boxes to designate a specific time period.
10. ClickSaveandApply.
11. To create or edit additional policies, repeat the necessary steps above.

NOTEIf defining a policy that extends into the next day, you must specify two separate policies

[edit]Filtering Services/URLs/Keywords

For more advanced content filtering tryOpenDNS

1. Select an unused policy number (1-10) in the drop-down menu.
2. Enable your policy by settingStatustoEnable.
3. Enter a name for your policy in thePolicy Namefield.Ex."Filter Bittorrent"
4. Click theEdit List of clientsbutton.
5. On theList of clientsscreen, specify clients by IP address or MAC address. Enter the appropriate IP addresses into theIPfields. If you have a range of IP addresses to filter, complete the appropriateIP Rangefields. Enter the appropriate MAC addresses into theMACfields.
6. Click theSaveandApplybuttons to save your changes. Click theClosebutton to return to theAccess Restrictionsscreen.
7. Click the radio button next toFilterInternet access for listed clients during selected days and hours. (Remember, many DD-WRT versions will have an "Allow" option, but it really means "Filter")
8. Set the days when access will be filtered. SelectEverydayor the appropriate days of the week.
9. Set the time when access will be filtered. Select24 Hours, or check the box next toFromand use the drop-down boxes to designate a specific time period.
10. UnderBlocked Services, enter the services you wish to block (if any).
11. UnderWebsite Blocking by URL Address, enter in the domain name(s) you wish to block (if any).
12. UnderWebsite Blocking by Keyword, enter the keywords you wish to block (if any).
13. ClickSaveandApply.
14. To create or edit additional policies, repeat the necessary steps above.

Note:Filtering does not work if you don't enter a list of clients for that policy.

[edit]Delete

To delete an Internet Access Policy, select the policy number and click the Delete button

[edit]Summary

To see a summary of all the policies, click the Summary button. The Internet Policy Summary screen will show each policy's number, Policy Name, Days, and Time of Day. To delete a policy, click its box, and then click the Delete button. Click the Close button to return to the Filters screen.

[edit]Filtered Internet Port Range

To filter PCs by network port number, select Both, TCP, or UDP, depending on which protocols you want to filter. Then enter the port numbers you want to filter into the port number fields. PCs connected to the Router will no longer be able to access any port number listed here. To disable a filter, select Disable.

[edit]Filtering Inbound Traffic

SeeIptables command.

[edit]Problems/Issues?

Still having problems with Access Restrictions? You may be using an older and no longer maintained version of DD-WRT firmware. In that case, it may help to review the steps in anolder revision of this article, before it was modified for use with DD-WRT v24+