is the guest traffic to be restricted ?
it may have the answer
Do you know if its possible to exempt a whole subnet like so:
iptables -t nat -I ContFilt -s 192.168.0.0 /24 -j RETURN
yes you can, but you dont want spaces between the subnet and mask
this is correct
iptables -t nat -I ContFilt -s 192.168.0.0/24 -j RETURN
Very good thank you.
Last question - is it possible to specify a username/password to allow a user to bypass filtering within a filtered subnet ?
they will need to login to do it...in internet explorer you need to specify the UTM on port 81 for it to work
system -> users -> groups -> new group with 'bypass content filtering' selected
then create a user on the users tab, and make them a member of this group
fabulous - will try this over the next couple of days and let you know how it goes.
yes that all worked thanks