Block network crap

Hi

How to block certain domain and (!) IP?

I need to block:

8.8.8.8 and 8.8.4.4

example.com

domain.* (all TLD)

All DNS requests. Allow only local and Adguard DNS

Can you help?

Firewall for blocking by ip. Or even do a dns hijack

Dnsmasq (or your dns resolver of choice) entries for blocking domains by setting them to 0.0.0.0

1 Like

Thank you for your reply. Unfortunately I am not really experienced with this. Can you guide me through?

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

1 Like

I am using a successful combination of banIP, dns hijack (firewall traffic rule) for anything going to port 53/853 and pihole as the upstream dns resolver for my openwrt router. Pihole is resolving via doh.

Even the hardcoded dns google connectivity checks on android devices don't get a successful response.

BanIP is package? I cannot find it in OPKG search. Or you mean in firewall?

PiHole or Adguard Home is good, but I have two routers. One is portable second is static. I need to block crap on both. Static have something similar but portable have not enough memory…

Hardware details:

CPU QCA9531, @650MHz SoC

Memory / Storage DDR2 128MB / NOR Flash 16MB + NAND Flash 128MB

BanIP https://openwrt.org/docs/guide-user/services/banip

ubus cal system board

Error execution :slightly_frowning_face:

Always make sure to do opkg update first, to ensure you have the current package database otherwise find and list will just show empty results.

$ opkg find 'banip'
banip - 0.9.4-3 - banIP blocks IPs via named nftables Sets.

They may indicate that you are not running official openwrt.
What is the device?

Typo.
‘ubus call system board’

1 Like

Thanks. That is what happens when I’m on mobile :flushed::rofl:

1 Like

Yeah! That helped. Thanks!

This worked


"kernel": "5.10.176",    
        "system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
        "model": "GL.iNet GL-XE300",
        "board_name": "glinet,gl-xe300",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.4",
                "revision": "r20123-38ccc47687",
                "target": "ath79/nand",
                "description": "OpenWrt 22.03.4 r20123-38ccc47687"

No problems. Thanks for your time!

1 Like

Are you running the gl-Inet firmware?

Regardless, you should upgrade to the latest official release.

https://firmware-selector.openwrt.org/?version=23.05.3&target=ath79%2Fnand&id=glinet_gl-xe300

OP was, in their other thread.

On other router (static) I installed official version. On this I must preserve GL firmware otherwise I will lose their DDNS :thinking:

In that case you need to be asking your questions on their forums. Their firmware is very different than official openwrt.

1 Like

I tried many guides from here and all worked well. Moreover they fixed most of capability problems (at least on this router). So I hoped that you could help. But if you think nothing will work, then I think it is true…