Blocking youtube to singular device mac address

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi,
I've looked over the openwrt firewalls section to try and solve but I am still having trouble.
Basically, I would like to block youtube on a sigular device but allow all other traffic. is this possible and how please?

I have tried the following config but I may be incorrect in what i am doing.

config rule
       option src 'lan'
       option src_mac 'F8:04:2E:B4:9A:E8'
       option dest 'wan'
       option proto tcp
       option family ipv4
       option dest_ip 64.233.161.136
       option dest_ip 64.233.162.93
       option dest_ip 64.233.163.91
       option dest_ip 64.233.163.93
       option dest_ip 64.233.164.190
       option dest_ip 64.233.164.136
       option dest_ip 64.233.165.93
       option dest_ip 64.233.165.91
       option dest_ip 64.233.165.136
       option dest_ip 173.194.222.136
       option dest_ip 173.194.222.91
       option dest_ip 173.194.222.93
       option dest_ip 173.194.73.93
       option dest_ip 173.194.73.136
       option dest_ip 173.194.73.91
       option dest_ip 209.85.233.93
       option weekdays 'Mon Tue Wed Thu Fri'
       option utc_time '0'
       option target 'REJECT'
       option name 'Kids weekdays'
       option enabled '1'
2

You might want to look at https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_config_ipset

1 Like
3 
config ipset                                             
	option name 'youtube'
	option storage 'hash'
	option match 'dst_net'
	list entry '64.233.161.136'
	list entry '64.233.162.93'
	list entry '64.233.163.93'
	list entry '64.233.164.190'
	list entry '64.233.164.136'
	list entry '64.233.165.93'
	list entry '64.233.165.91'
	list entry '173.194.222.136'
	list entry '173.194.222.91'
	list entry '173.194.222.93'
	list entry '173.194.73.93'
	list entry '173.194.73.136'
  	list entry '173.194.73.91'
 	list entry '209.85.233.93'


config rule
	option src 'lan'
	option src_mac 'F8:04:2E:B4:9A:E8'
	option dest 'wan'
	option family 'ipv4'
	option proto 'all'
	option ipset 'youtube'     
	option target 'DROP'

You may have to install ipset:

opkg update
opkg install ipset
2 Likes
4

Thanks. I'll give this a go soon and get back to you. Much appreciated