DNS/IP block rules using dnsmasq / iptables are available in the data/openwrt folder.
These rules are focused on the latest OpenWrt release (Chaos Calmer 15.05.1).
Requires package "iptables-mod-nat-extra" for port 53 (DNS) redirect rule from dnsmasq.conf.
dnsmasq.conf is bypassed if you use DNSCrypt on the client machine (recommended), so use hosts before the DNSCrypt exit point.
DNSCrypt is also available in the OpenWrt repo, but may be slow and CPU hungry on average routers; stay with the PC client as recommended.
I then restarted the firewall service firewall restart but nothing gets blocked. I rebooted the router, but again - nothing gets blocked.
The latest release (as of my posting) is 18.06.4, not 15.05.1.
No clue what those IPs are
No clue why these IPs are not added using the normal method
No clue why you need iptables-mod-nat-extra (maybe it was needed in 15.05.1)
No clue why you believe these rules didn't work
No clue if you installed DNSCrypt
What are you actually trying to block...DNS...or something else?
Why do you think the rules didn't work (i.e. you expected something to stop, or you could actually still ping, browse, etc. - to the IPs)? Basically, describe how you know.
What version of OpenWrt are you running?
I'm lost at why this script was updated a few days ago; but has information noting a version release 4+ years old, as recent...
For the domains, yes. I'd personally just install Adblock and place them in the blacklist. This would allow me to block other domains/tracking later without a large fuss.
IPs...those firewall.user rules should have worked, if you tested from a client in LAN (FORWARD); and not the router itself (OUTPUT).
You didn't mention if the DNS lookups are blocked when querying the OpenWrt's dnsmasq instance. If not, I believe that's because the dnsmasq.conf additions are incorrect syntax...or incomplete, rather. It's also not advisable to add raw configs and rules; but use OpenWrt's UCI/LuCI web GUI interfaces instead. The UCI file to edit for dnsmasq settings you desire is /etc/config/dhcp. The firewall - /etc/config/firewall.
BTW, snapshots update every ~24 hours; I'd also upgrade to the latest snapshot before installing more packages.
Tested again and the IPs worked this time. No idea what was wrong the first time.
As for Adblock - I tried that a few days ago, but for some reason I was leaking DNS requests when enabled (my router is set up to connect to a VPN via Wireguard). I'll be playing with Adblock again.
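
The FORWARD versus OUTPUT point raised in the replies, as an added example that is not part of the original thread: a script that reads rules in `iptables -S` format and reports from which vantage point a block on a given IP can be observed. The helper names `blocked_chains` and `test_vantage` are hypothetical, the sample rules and addresses are constructed, and only the built-in FORWARD and OUTPUT chains and exact host matches are considered.

```shell
#!/bin/sh
# Constructed rules in `iptables -S` format. Addresses are RFC 5737
# documentation ranges, not the IPs from the block list in the thread.
SAMPLE_RULES='-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -d 192.0.2.10/32 -j DROP
-A FORWARD -d 198.51.100.7/32 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -d 198.51.100.7/32 -j DROP
-A FORWARD -d 203.0.113.5/32 -j ACCEPT'

# blocked_chains RULES IP (hypothetical helper)
# Print, space separated, the chains holding a DROP or REJECT rule for IP.
# Only exact host (/32) destination matches are considered.
blocked_chains() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == "-A" {
            dst = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            sub(/\/32$/, "", dst)
            if (dst == ip && (tgt == "DROP" || tgt == "REJECT") && !seen[$2]++)
                out = (out == "" ? "" : out " ") $2
        }
        END { print out }'
}

# test_vantage RULES IP (hypothetical helper)
# Report from which vantage point a block on IP is observable:
# FORWARD covers LAN clients routed through the box, OUTPUT the router itself.
test_vantage() {
    fwd=no; rtr=no
    for c in $(blocked_chains "$1" "$2"); do
        case "$c" in
            FORWARD) fwd=yes ;;
            OUTPUT)  rtr=yes ;;
        esac
    done
    case "$fwd$rtr" in
        yesyes) echo "lan-client and router" ;;
        yesno)  echo "lan-client only" ;;
        noyes)  echo "router only" ;;
        *)      echo "no FORWARD/OUTPUT block" ;;
    esac
}

# On the router: test_vantage "$(iptables -S)" <ip>
test_vantage "$SAMPLE_RULES" 192.0.2.10
```

A result of "lan-client only" means a ping or lookup run from the router's own shell will still succeed even though LAN clients are blocked.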