Block navigation on all not white-listed domains


I set a VPN Server, but I would like to allow the VPN Clients to be able to navigate only a couple of domains.
So by defaults all domains shall be black-listed and only few (no more than 10 domains and their subdomains) shall be white-listed.

How to achieve this? I read about dns-filtering Restricting all websites except specific websites on OpenWrt - #3 by rony4d, but it is not so clear to me.

Let's suppose I only want white-listed, how to achieve this?

Thanks for support.

This will also include all subdomains of

uci add_list dhcp.@dnsmasq[0].server='/*/#'
uci add_list dhcp.@dnsmasq[0].server='/'
uci commit dhcp
/etc/init.d/dnsmasq restart

Thanks a lot... I think I have some issue with the latest command:


As a workaround I copied the file opewrt-release as os-release, does it make any sense?

Anyway It seems like dnsmasq is not really working for me and I can navigate all the sites :frowning:
Any hint?

Here you have the content of the file /var/etc/dnsmasq.conf.cfg02411c

And this is the content of /etc/dnsmasq.conf

Shall this file be modified in order to achieve the goal?

It looks like you are using an older version of dnsmasq.

Try replacing

uci add_list dhcp.@dnsmasq[0].server='/*/#'


uci add_list dhcp.@dnsmasq[0].address='/#/'

Is this OpenWrt or the stock GL.iNet firmware?


Thanks again.
It is the GL.iNet firmware on a Velica device

I will try and let you know

then you should let gl.inet know, or install proper openwrt -

Yep, I heard about this and some time ago I also tried it.

What is good in the older GL.iNet is that they developed some easy to use interface that allows to configure easily some basic tasks... but when it comes to more "advanced" configuration they still use an old version.
I could install the one you showed to me, and I will think about it, but I will loose the GL-iNet interface. If I manage to configure it with what I need I would prefer to avoid this.

Thanks anyway

then the questions should be posted at their forum, not here.
the two FWs aren't, after all, the same.


Yes you are right. My bad.

I will probably install the sw you told me.
Much better.

Thanks a lot for suggestion

No way. I think I will install OpenWrt 22.03. Thanks a lot for your precious support

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.