I will use these settings:
# Allow these TRUSTED hosts unrestricted access
iptables -A wanout -i `nvram get lan_ifname` -m mac --mac-source <allowed MAC #1> -j ACCEPT
iptables -A wanout -i `nvram get lan_ifname` -m mac --mac-source <allowed MAC #2> -j ACCEPT
# Allow everyone access to these sites
iptables -A wanout -i `nvram get lan_ifname` -d <VPN IP1> -j ACCEPT
iptables -A wanout -i `nvram get lan_ifname` -d <VPN IP2> -j ACCEPT
# Everything else gets blocked
iptables -A wanout -i `nvram get lan_ifname` -j DROP
Should this work fine? I'm assuming the VPN addresses are available on all ports, and everything else should be blacklisted on all ports.
This should prevent torrenting and any other activity unless done through a VPN, unless the MAC address is on the trusted list, correct?
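
An added example, not part of the original post: a dry-run generator for the ruleset above that validates every MAC and IPv4 entry first and then prints the commands in evaluation order (trusted MACs, VPN destinations, final DROP) without applying anything. The `br0` default, the function names and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: prints the rules from the post for review; nothing is applied.
# LAN_IF defaults to br0 (assumption); on the router use `nvram get lan_ifname`.
LAN_IF="${LAN_IF:-br0}"
CHAIN="wanout"   # chain name taken from the post

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1          # safe to split: the regex above allows only digits and dots
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Args: comma-separated MAC list, comma-separated IPv4 list.
# Validates every entry before printing, so a typo never yields a partial ruleset.
build_rules() {
    macs=$(printf '%s' "$1" | tr ',' ' ')
    ips=$(printf '%s' "$2" | tr ',' ' ')
    for m in $macs; do
        valid_mac "$m" || { echo "bad MAC: $m" >&2; return 1; }
    done
    for ip in $ips; do
        valid_ipv4 "$ip" || { echo "bad IP: $ip" >&2; return 1; }
    done
    # First match wins, so ACCEPT rules must precede the catch-all DROP.
    for m in $macs; do
        echo "iptables -A $CHAIN -i $LAN_IF -m mac --mac-source $m -j ACCEPT"
    done
    for ip in $ips; do
        echo "iptables -A $CHAIN -i $LAN_IF -d $ip -j ACCEPT"
    done
    echo "iptables -A $CHAIN -i $LAN_IF -j DROP"
}

# Constructed sample input (documentation MAC and IPv4 ranges).
build_rules "00:00:5E:00:53:01,00:00:5E:00:53:02" "192.0.2.10,198.51.100.20"
```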