Block certain domains for certain MAC addresses (Parental Control)

Ok, so I found this documentation: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/dns_ipset
And I was thinking that this could be used for blocking a domain, for example youtube.com, for certain devices on my local network through their MAC address by applying this solution to a specific Traffic Rule (that could also be applied for certain times this way).
If this is possible, could someone help me out with this setup, since I have trouble understanding the documentation (I know something about bash scripts and I know about networking, but with these commands I have trouble knowing where the domain is defined).

Copy paste the entire blocks of code to the terminal as-is.
It should create the proper templates for your configuration.

Then you can adjust the settings with the web interface.
Using source restriction is also explained in the extras.

3 Likes

... or install adblock.

3 Likes

Ok, so I did follow the entire documentation, but in the end I found that the domain being blocked applies to the entire network since it is changing the config on dnsmasq, so I reverted the config and followed it step by step, and I could find the culprit lines:

uci add_list dhcp.@dnsmasq[0].server="/example.com/127.0.0.1#53001"
uci add_list dhcp.@dnsmasq[0].server="/example.net/127.0.0.1#53001"
uci commit dhcp
/etc/init.d/dnsmasq restart

So either you run another instance of dnsmasq, like in a lightweight mode with only the DNS resolver portion on another port, and redirect part of the network with a firewall rule (Intercept-DNS).
Or, the most probable option that I'm thinking of (the last one is way too complex, thus it isn't optimal) is through a script that resolves the domains' IPs and blocks them from time to time (if the domain changes its IPs, this would refresh the block with the new ones) with the help of a cron job that calls the script, and this script modifies the targeted firewall rule that applies to the devices set on the rule itself.

That article doesn't block domain name resolution.
So, you don't need to set up multiple DNS instances.

Instead, it filters transit traffic to the domain IPs.
The filtering scope can be limited to specific MACs.

1 Like
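
The MAC-scoped and time-limited filtering discussed in this thread, as an added example (not code from the thread or from the OpenWrt wiki). It prints `uci batch` commands for a forward rule that rejects traffic to the domain IP sets only for listed source MACs, using the firewall rule options `src_mac`, `ipset`, `start_time` and `stop_time`. The section name `filter_mac`, the IP set names `filter`/`filter6`, the `lan`/`wan` zones and the sample MACs are assumptions.

```shell
#!/bin/sh
# Added example: emit `uci batch` commands for a MAC-scoped REJECT rule.
# Assumed names (not from the thread): rule section "filter_mac", IP sets
# "filter" (IPv4) and "filter6" (IPv6) already populated by dnsmasq.
RULE="filter_mac"

valid_mac() {
    # Accept only six colon-separated hex octets.
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# usage: mac_rule_batch START STOP MAC [MAC...]
# START/STOP are hh:mm:ss, or "-" for no time limit.
mac_rule_batch() {
    start="$1"; stop="$2"; shift 2
    [ "$#" -gt 0 ] || { echo "no MAC given" >&2; return 1; }
    # Validate everything first so a bad MAC never yields a partial rule.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    for ipv in 4 6; do
        sec="firewall.${RULE}${ipv%4}"     # filter_mac / filter_mac6
        echo "set ${sec}=rule"
        echo "set ${sec}.name='Filter-IPset-MAC'"
        echo "set ${sec}.src='lan'"
        echo "set ${sec}.dest='wan'"
        echo "set ${sec}.family='ipv${ipv}'"
        echo "set ${sec}.proto='all'"
        echo "set ${sec}.ipset='filter${ipv%4} dest'"
        echo "set ${sec}.target='REJECT'"
        # Without src_mac the rule would match every LAN client.
        for mac in "$@"; do
            echo "add_list ${sec}.src_mac='${mac}'"
        done
        if [ "$start" != "-" ]; then
            echo "set ${sec}.start_time='${start}'"
            echo "set ${sec}.stop_time='${stop}'"
        fi
    done
}

# Constructed sample MACs; run with --demo to print the generated commands.
if [ "${1:-}" = "--demo" ]; then
    mac_rule_batch 21:00:00 23:59:59 AA:BB:CC:00:11:22 AA:BB:CC:00:11:33
fi
```

On the router, pipe the output into `uci batch`, then run `uci commit firewall` and restart the firewall. MAC matching only identifies a device as long as it keeps the same MAC, so clients using randomized or changed MAC addresses fall outside the rule.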