still nothing blocked
can't answer, no idea what you're trying to achieve..
I want to block websites using any other way except DNS because it's easy to bypass
probably want to be in custom rules for the firewall...
reject all outgoing port 53 UDP and TCP traffic, from LAN.
same for port 853, to deal with DoT.
Just as a note here... this version is not just old, it is ancient. It is more than a decade old at this point.
The version you are running has many serious security vulnerabilities and is not considered safe to use in any internet or wifi context. It has been EOL and unsupported for the better part of a decade now. Additionally, a ton of things have changed with respect to capabilities, syntax, and how OpenWrt actually functions under the hood. Unless the people helping you remember the nuances of this very old version, it is possible that the help/guidance you get will not work as expected (or at all), so even the 'best effort support' that may be offered may turn out to be nothing more than guesses about the old version.
I would highly suggest that you consider upgrading to a modern version of OpenWrt... or if your device isn't supported (or runs slowly) with recent OpenWrt versions, you may want to consider new hardware.
thanks for all this info man but this is the only version that works for my router cuz I use it as an access point. In this version I get the full speed but in the newer versions I barely get half of the internet speed.
- I don't care for security but thank you so much for the time you spent writing that
I think you'd feel differently if any of your accounts (email, shopping, banking) got compromised or if your computer was locked in a ransomware attack.
It is your choice what to use, but we aim to provide the information and the methods for simple and reasonable security on your network.
How many websites do you want to block? You can do a dozen or a few dozens manually, if you need to block more than that, you'd need to use some sort of script, like this: https://github.com/stangri/openwrt-simple-adblock or you can use the code there as an example and write your own.
Correct for your outdated, ancient openwrt, you are using. Almost 100% wrong for modern systems. But this is another topic.
I want to block adult content websites
As others have stated, add firewall rules to forward anyone bypassing your DNS back to your internal DNS.
I have a rule that looks like this
Probably not what you want to hear but the real solution here is surely to get a more up to date router capable of running supported and security updated versions of OpenWRT.
Can you copy and paste the rule for me here, please?
config redirect 'adblock_lan53'
    option name 'Adblock DNS (lan, 53)'
    option src 'lan'
    option proto 'tcp udp'
    option src_dport '53'
    option dest_port '53'
    option target 'DNAT'
Am I missing something?
Looks ok from what I can tell.
But you can test it by setting your router's DNS to 126.96.36.199 and then connecting a PC with DNS set to 188.8.131.52. On this device go to https://184.108.40.206/help. That will tell you if you're using 220.127.116.11 or not.
I'm sure there is a better way, but this is what you can try for now before an expert can provide some guidance.
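A check for the two controls suggested in this thread (redirecting LAN port 53 back to the internal DNS, and rejecting port 853), written as an added example and not posted by any participant. The `audit_dns_rules` function, its output labels and the `DOT_RULE` section are assumptions made for illustration; `SAMPLE_CONFIG` is the redirect rule quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit UCI firewall text for the DNS
# controls discussed above. Only exact single-port values are recognised.

# Redirect rule as posted in the thread, in UCI layout.
SAMPLE_CONFIG="config redirect 'adblock_lan53'
    option name 'Adblock DNS (lan, 53)'
    option src 'lan'
    option proto 'tcp udp'
    option src_dport '53'
    option dest_port '53'
    option target 'DNAT'"

# Constructed rule for the port 853 advice; the option values are assumptions.
DOT_RULE="config rule
    option src 'lan'
    option dest 'wan'
    option proto 'tcp udp'
    option dest_port '853'
    option target 'REJECT'"

# audit_dns_rules: read firewall config on stdin, print one result per check.
audit_dns_rules() {
    awk -v q="'" '
    function check() {   # evaluate the section that just ended
        if (type == "redirect" && o["src"] == "lan" && o["src_dport"] == "53" && o["target"] == "DNAT") {
            if (o["proto"] ~ /tcp/) tcp53 = 1
            if (o["proto"] ~ /udp/) udp53 = 1
        }
        if (type == "rule" && o["src"] == "lan" && o["dest_port"] == "853" && o["proto"] ~ /tcp/ && o["target"] ~ /^(REJECT|DROP)$/) dot = 1
        split("", o)   # clear options for the next section
    }
    $1 == "config" { check(); type = $2; gsub(q, "", type); next }
    $1 == "option" {
        key = $2; gsub(q, "", key); val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
        sub(/[ \t\r]+$/, "", val)
        gsub("^" q "|" q "$", "", val)
        o[key] = val
    }
    END {
        check()
        print "redirect53_tcp=" (tcp53 ? "yes" : "no")
        print "redirect53_udp=" (udp53 ? "yes" : "no")
        print "dot853_blocked=" (dot ? "yes" : "no")
    }'
}
printf '%s\n' "$SAMPLE_CONFIG" | audit_dns_rules
```

Run against the posted rule alone, the last line reports that port 853 is not yet covered; feeding the router's own firewall config on stdin gives the same three checks for a live setup.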