Posted: Sun Nov 08, 2020 13:18 Post subject: Access restriction not working with Wireguard
I need help getting restrictions working. I have
Netgear R7800 with
Firmware: DD-WRT v3.0-r44719 std (11/04/20)
I have a 7 year old with autism that loves watching youtube. But latly he has been watching stuff that we do not approve of.
I have tried to clean youtube history, pause, delete everything but some how he lands right back on this garbage.
I really dont know much about networking but I need youtube blocked. On access restriction I input mac and ip tic the catch all p2p, selected youtube. But nothing is blocking youtube.
Joined: 16 Nov 2015 Posts: 6439 Location: UK, London, just across the river..
Posted: Sun Nov 08, 2020 16:06 Post subject: Re: Access restriction not working with Wireguard
Construct0ver wrote:
I need help getting restrictions working. I have
Netgear R7800 with
Firmware: DD-WRT v3.0-r44719 std (11/04/20)
I have a 7 year old with autism that loves watching youtube. But latly he has been watching stuff that we do not approve of.
I have tried to clean youtube history, pause, delete everything but some how he lands right back on this garbage.
I really dont know much about networking but I need youtube blocked. On access restriction I input mac and ip tic the catch all p2p, selected youtube. But nothing is blocking youtube.
Can anyone help me get blocks working?
so, you want to stop access for youtube only for him or total for everyone...in general, Access Restriction do not work as intended or how people believe they should...
there is another way to block youtube...
when you need to block it, save in firewall rules
ipset -N YOUTUBE hash:ip
if you need to unblock it remove it from there
also add this line at advanced DNSmasq rules in GUI to make it work..
ipset=/youtube.com/YOUTUBE
I hope you use DNSmasq for DNS.. _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 18 Mar 2014 Posts: 12889 Location: Netherlands
Posted: Sun Nov 08, 2020 20:06 Post subject:
If the problem is not WireGuard but in general to block youtube I am thinking along the lines of @Alozoros
This is an excerpt of the IPSET wiki I am working on, but it needs some (read a lot of) work:
Blocking youtube example:
Disable Shortcut Forwarding Engine (SFE)on Setup tab otherwise ESTABLISHED connections will keep on going (or if you script a REJECT rule disable/enable the fast-classifier module: with rmmod/modprobe fast-classifier.ko))
Add the following to Administration/Commands Save Firewall:
Unfortunately this relies on DNS for populating the IPSET and there are many ways to escape this, a number of browsers are already using their ow DSN (DoH).
So you might want to surf to youtube yourself to populate the IPSET.
Posted: Sun Nov 08, 2020 20:09 Post subject: Re: Access restriction not working with Wireguard
Alozaros wrote:
Construct0ver wrote:
I need help getting restrictions working. I have
Netgear R7800 with
Firmware: DD-WRT v3.0-r44719 std (11/04/20)
I have a 7 year old with autism that loves watching youtube. But latly he has been watching stuff that we do not approve of.
I have tried to clean youtube history, pause, delete everything but some how he lands right back on this garbage.
I really dont know much about networking but I need youtube blocked. On access restriction I input mac and ip tic the catch all p2p, selected youtube. But nothing is blocking youtube.
Can anyone help me get blocks working?
so, you want to stop access for youtube only for him or total for everyone...in general, Access Restriction do not work as intended or how people believe they should...
there is another way to block youtube...
when you need to block it, save in firewall rules
ipset -N YOUTUBE hash:ip
if you need to unblock it remove it from there
also add this line at advanced DNSmasq rules in GUI to make it work..
ipset=/youtube.com/YOUTUBE
I hope you use DNSmasq for DNS..
I need to block 4 devices. Without Wireguard running it works. But it is spotty. Spotty meaning its hit or miss with the devices.
Sometimes all 4 device block youtube other times maybe 1 of the 4. Have no scripts running. Used a guide for torguard WG setup.
So using (ipset -N YOUTUBE hash:ip) would I make 4 seperated lines with code or can I do the ipset -N YOUTUBE hash:ip, ip, ip, ip,
Would there be anyway possible to block individual youtube user channels? So Youtube works but channels that are unwanted can be blocked out by user channel name?
Posted: Wed Mar 31, 2021 0:50 Post subject: Re: Access restriction not working with Wireguard
Construct0ver wrote:
Alozaros wrote:
Construct0ver wrote:
I need help getting restrictions working. I have
Netgear R7800 with
Firmware: DD-WRT v3.0-r44719 std (11/04/20)
I have a 7 year old with autism that loves watching youtube. But latly he has been watching stuff that we do not approve of.
I have tried to clean youtube history, pause, delete everything but some how he lands right back on this garbage.
I really dont know much about networking but I need youtube blocked. On access restriction I input mac and ip tic the catch all p2p, selected youtube. But nothing is blocking youtube.
Can anyone help me get blocks working?
so, you want to stop access for youtube only for him or total for everyone...in general, Access Restriction do not work as intended or how people believe they should...
there is another way to block youtube...
when you need to block it, save in firewall rules
ipset -N YOUTUBE hash:ip
if you need to unblock it remove it from there
also add this line at advanced DNSmasq rules in GUI to make it work..
ipset=/youtube.com/YOUTUBE
I hope you use DNSmasq for DNS..
I need to block 4 devices. Without Wireguard running it works. But it is spotty. Spotty meaning its hit or miss with the devices.
Sometimes all 4 device block youtube other times maybe 1 of the 4. Have no scripts running. Used a guide for torguard WG setup.
So using (ipset -N YOUTUBE hash:ip) would I make 4 seperated lines with code or can I do the ipset -N YOUTUBE hash:ip, ip, ip, ip,
I updated to newest build 3/27 and these blocks are no longer working. Did something change in the newer build?
UPDATE:
It is working now. I cleared the firewall rules and input rules again and saved. Started working.
Joined: 18 Mar 2014 Posts: 12889 Location: Netherlands
Posted: Wed Mar 31, 2021 14:37 Post subject:
If extra firewall rules are added on top of the existing rules then it is possible that the lan2wan target is no longer hit and lan2wan holds the access restrictions.
These commands(when executed as last rules) will move the lan2wan target up in the firewall rules so that it is hit (working) again.
