Block network crap

markpett · April 26, 2024, 11:05pm

Hi

How to block certain domain and (!) IP?

I need to block:

8.8.8.8 and 8.8.4.4

example.com

domain.* (all TLD)

All DNS requests. Allow only local and Adguard DNS

Can you help?

psherman · April 26, 2024, 11:12pm

Firewall for blocking by ip. Or even do a dns hijack

Dnsmasq (or your dns resolver of choice) entries for blocking domains by setting them to 0.0.0.0

markpett · April 26, 2024, 11:31pm

Thank you for your reply. Unfortunately I am not really experienced with this. Can you guide me through?

psherman · April 26, 2024, 11:50pm

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

genuser1 · April 27, 2024, 2:13am

I am using a successful combination of banIP, dns hijack (firewall traffic rule) for anything going to port 53/853 and pihole as the upstream dns resolver for my openwrt router. Pihole is resolving via doh.

Even the hardcoded dns google connectivity checks on android devices don't get a successful response.

markpett · April 27, 2024, 2:56pm

BanIP is package? I cannot find it in OPKG search. Or you mean in firewall?

PiHole or Adguard Home is good, but I have two routers. One is portable second is static. I need to block crap on both. Static have something similar but portable have not enough memory…

Hardware details:

CPU QCA9531, @650MHz SoC

Memory / Storage DDR2 128MB / NOR Flash 16MB + NAND Flash 128MB

genuser1 · April 27, 2024, 3:27pm

BanIP https://openwrt.org/docs/guide-user/services/banip

psherman · April 27, 2024, 3:28pm

ubus cal system board

markpett · April 27, 2024, 3:41pm

Error execution

efahl · April 27, 2024, 3:42pm

Always make sure to do opkg update first, to ensure you have the current package database otherwise find and list will just show empty results.

$ opkg find 'banip'
banip - 0.9.4-3 - banIP blocks IPs via named nftables Sets.

psherman · April 27, 2024, 3:43pm

They may indicate that you are not running official openwrt.
What is the device?

RuralRoots · April 27, 2024, 3:47pm

Typo.
‘ubus call system board’

psherman · April 27, 2024, 3:48pm

Thanks. That is what happens when I’m on mobile

markpett · April 27, 2024, 3:49pm

Yeah! That helped. Thanks!

This worked


"kernel": "5.10.176",    
        "system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
        "model": "GL.iNet GL-XE300",
        "board_name": "glinet,gl-xe300",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.4",
                "revision": "r20123-38ccc47687",
                "target": "ath79/nand",
                "description": "OpenWrt 22.03.4 r20123-38ccc47687"

No problems. Thanks for your time!

psherman · April 27, 2024, 4:04pm

Are you running the gl-Inet firmware?

Regardless, you should upgrade to the latest official release.

https://firmware-selector.openwrt.org/?version=23.05.3&target=ath79%2Fnand&id=glinet_gl-xe300

frollic · April 27, 2024, 4:15pm

OP was, in their other thread.

markpett · April 27, 2024, 4:20pm

On other router (static) I installed official version. On this I must preserve GL firmware otherwise I will lose their DDNS

psherman · April 27, 2024, 4:21pm

In that case you need to be asking your questions on their forums. Their firmware is very different than official openwrt.

markpett · April 27, 2024, 4:56pm

I tried many guides from here and all worked well. Moreover they fixed most of capability problems (at least on this router). So I hoped that you could help. But if you think nothing will work, then I think it is true…