hi, I have an 3g/4g modem + router as AP in a park I want to block all internet access, except for Facebook, Facebook messenger, WhatsApp, twitter, Instagram.
My neighbors connects principally through phone using their apps. I want to only affects the
br-lan (where is the WiFi) I don't want to lose the ssh access to the router or the Lucy page. Is this possible to achieve, and filtering by DNS names?, Is there any package to do it?.
many answers related talks about using firewall restriction, others packages like banip o adblock , and Im lost. what showld work for me?
-like block all traffic
-allow only facebook.com
-save and survive restart
What should I use? I have latest openwrt and some memory left.
I would try to block all domains using dnsmasq, and whitelisting only a few.
This should give you an idea:
You would only need to edit /etc/dnsmasq.conf
Take a look at the openNDS package. It is designed to do everything you describe with a few simple config settings as well as a Welcome/Information page displayed when people connect.
Add the domain fqdns to the config and edit some text for display and you will be up and running.
You could even allow logins to allow full access for your best mates
Full documentation here:
thank you ill try to investigate more about how to make it work with my actual coova chilli set up.
Thank you, I didin´t know about the new NDS captive portal, righ now I'm thinking into leaving coovachilli, Having problems with the inteface and not logged users.
Using coovachilli, you should be able to get your required functionality, too. Practically, you need to inverse coovas standard ops: Instead of the landing page, where non-authed user has to login, you would need a "Blocked" page. And put Facebook, Whatsapp etc. into the "Walled Garden", to allow unauthed access. Benefit of this setup would be the possibility of throttling the speed.
However, proper setup of coova is (almost) "black magic". Try to do it first on standard linux, to eliminate all the hassle of openwrt. And when having success, port it to openwrt then.