I wanna block instagram from being opened in my network.
To avoid bypassing via custom DNS i wanna block by ip:
NetRange: 157.240.0.0 - 157.240.255.255
Hardware RPi4.
luci-app-banip might be the easiest approach - or adding corresponding firewall rules.
2 Likes
thats the easiest way for your kids to learn tech crafts.
3 Likes
or simply disabling wifi on their cell phones.
2 solutions -
- dnsmasq add subnet as bogusnx (blackhole in bind/unbound parlance) and nothing resolves to that subnet
- add blackhole route to subnet (have to manually edit interface to "loopback") - nothing enters or leves that waym
Why do you think so? If they will, I will just turn off all ports other then 443, 53. And boom, no VPN.
Can you point where to search about this? It is like do something like 157.240.0.0 = 0.0.0.0? Or you mean put rule to resolve Instagram.com like 0.0.0.0? If second, DoH easily bypasses it
Router can implement counter measures to stop DoH.
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns#extras
Click on web ui for once, it has blackhole among route types.
Especially beneficial for kids education. Find a vpn provider that muxes wg and quic on 443/udp.
Who allows UDP on port 443 ?
Like the internet , it is called http/3
Not mandatory, to be open. To be blocked, of course, in case of doing serious 'parental control'.