Hi there,
what is the suggested method to block windows & apple updates on OpenWRT?
I have a list of well-known URLs which could be used for this...
Got this, but might be outdated Blocking websites on your router
find a list of IPs hosting those services and block them in the firewall or banip.
or find a list of hosts for the same services, and block them using your own DNS.
1 Like
IPs might change at anytime, while the DNS being used is Google...
correct.
but as long as you don't control the DNS, you can't stop them, by any other means than IP.
pretty sure the banip is able to refresh the host->IP list - banIP support thread
external DNS traffic can be blocked or rerouted, if you mean they're using non-local DNS.
and they will always be able to update while not connected to your LAN.
but at least in windows you should be able to disable updates.
Good luck with stopping Apple. If you wait long enought (a year) it will be forced installed at what ever network if finds and unless you live in a cave it will find some internet somewhere.
If you block Win 10 and Microsoft you will probably have other problems after a while since the subcription demands server uplink to verify the license for piracy protection and if the computer is offline to long it will get blocked until verified.
At work we block:
- mesu.apple.com
- appldnld.apple.com
- itunes.apple.com
- albert.apple.com
- gs.apple.com
- phobos.apple.com.edgesuite.net
- phobos.apple.com
- icloud.apple-dns.net
- ntservicepack.microsoft.com
- windows.com
- a-msedge.net
- windowsupdate.com
- update.microsoft.com
- ws.microsoft.com
- wustat.windows.com
- live.com
Seems to be working...while with OpenWRT we want to block updates through a slow connection used on holidays!
1 Like
well, you've already gotten your answer.
Block the IPs belonging to those sites, or set up your own DNS, and block the DNS names.