I am organizing a training session and I want people to only access a few websites on my openwrt router. I have checked multiple links and I have been able to only specify websites I want to restrict. What I really want to do is to allow only a few specified websites and to restrict everyother website.
Thank you.
Hey,
I think there may well be may ways to achieve this, depending on your time you want to put into it... but maybe I can suggest a start:
Your router can block or redirect requests to port 53 TCP/UDP... which will isolate DNS requests and enable you to block or redirect, hence control which websites are accessible to your guests accessing from a SSID you setup for this purpose, directed through an interface you also create for them...
So if someone types google.com then if its blocked it won't return an ip address for google.com ... if its allowed it will return the correct IP address for the website...
You want to maybe start here - Network --> Firewall - Traffic Rules....
Next challenge is maybe to setup a list of allowed websites for DNS of allowed sites ...
Maybe its possible to block all and whiltelist, have a look here: https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dns_filtering
OpenWRT is not my strong point yet, as I've only ever learned what I needed for it... but maybe some hardened OpenWRT'ers will jump in with some solid way to do it 
Thank you for the quick response. I will dive right in.
Thanks a lot. You just saved me. I was able to implement the solution based on the link you sent: https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dns_filtering
The solution is under DNS filtering. The white list part
Thanks a whole lot again.
# Whitelist
uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server="/example.com/#"
uci add_list dhcp.@dnsmasq[0].server="/example.net/#"
uci add_list dhcp.@dnsmasq[0].server="/#/"
uci commit dhcp
/etc/init.d/dnsmasq restart
No worries at all, I'm glad you got the result you needed
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.