FOOLPROOF way to block ip addresses on OpenWrt 23.05 using only Luci webpage of router


Please help me!

I've been searching the web and trying things for 2 hours now and I'm simply helpless even though I only want a simple thing.

To be able to block access from specific ip addresses to my router and devices connected to my router AND to block access to same specific ip addresses from my router and from devices connected to my router.
So absolutely no access to select ips no matter if it's coming in or going out.

I've tried countless answers from many forum threads and blog post I found and none worked for me. No matter what combination I did I can still ping this ip address I'm trying to block.

I'm a full newbie, I can only use Luci web interface, no command line, no scripts, no ssh no config files. I can click buttons on the OpenWrt Luci webpage of my router.
I have no idea about any of the following and similar things: ZONE, FORWARD, CHAIN, DEVICE, MASQUERADE, NAT, PORTS etc.

I would like to be able to have a list of ip addresses (I think this OpenWrt version has ipset feature in the Luci which might make this more easy as far I can understand) that are completly blocked.
No ping, no traffic, no dns, absolutely nothing to or from these addresses to my router and devices under my router on my network be it lan/wifi or whatever.

I would like to do this by the defaualt Luci web interface. No packages, no dropbear, no dnsmasq, no banip, no adblock. Only buttons and text fields and checkboxes on the default Luci web page of my OpenWrt router please. i tried countless combinations in the Firewall/Traffic Rules page, none worked so far.

I'm going insane over here because of my ignorace and trying to do this simple thing and that all those answers I found not working for me.

Thank you very much!

Why are you then connecting those devices to your router ?


I don't understand your question.
Why am I connecting devices to my router? I have a home router and laptops, desktop computers and phones in my family are connecting to this router.
But I would like to be able to fully block a list of IPs.
Let's say for example that I would like to block all these IPs:

No traffic in and out to or from these ips from my router or any device connected to my router.

Hope I was clear. Sorry I'm beginner, not a network expert.
I just want to desperatly block ip addresses .

Thank you

I thought IPs was referring to the clients, sorry.

Upset would then the way forward, not sure it's available via Luci though.

There is an "IP Sets" tab on the Firewall page.

I would appreciate a foolproof step by step guide as in where to click on the Firewall page in (I assume) the Traffic Rules tab because I have no idea.
As I said in my first post I tried a lot of combinations from answers I found on this forum and on others but none worked.


Does IP sets let you define a list of IPs, or only enter a name of an ipset ?

The IP sets tab in Firewall looks like this.
I can add multiple ip addresses. But I don't really know what any of the other settings mean and how can I invoke this IP Set in a Traffic Rule to block the IPs in the IP Set.


To block lan clients:

To block the router itself:


Like nineties style:

Thank you @pavelgl the lan client blocking seems to be working now, I can't ping the addresses in the IP set list. This is what I wanted basically.