Posted: Mon Oct 01, 2018 2:50 Post subject: How do I block apple update servers?
I'm on metered satellite internet so I want to block the apple update servers that iOS pulls updates from. These are mesu.apple.com and appldnld.apple.com.
I created an access policy that includes all client addresses (...1-> ...254), filter (not deny) , and I entered the above urls in the website blocking by address, and also just mesu and appldnld in block by keyword. Blocking is set to 24 hours, everyday.
If I try to access these via a browser they indeed show up as blocked. But I can ping them and it appears that my iOS devices can reach them and download updates.
How can I block these sites for all uses/protocols/whatever?
An ideal solution would allow blocking from 8AM until 3AM, with the 3AM->8AM window open for updates (traffic is not metered during that period).
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Mon Oct 01, 2018 7:14 Post subject:
check on access restrictions Blocked Services>Catch all P2P Protocols>select apple or this one that you require
the other option is to block sites via iptables rules
but this does not give you a time based restrictions..
also you can block via additional DNSmasq rules... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Thanks for the help.
Just to clarify -
If I select "All P2P Protocols", it will block others like BitTorrent as well? If I want just one or two protocols, I have to list them and NOT check the box?
My version of DD-WRT is old ("if it ain't broke, don't fix it") and lists applejuice, not apple as a protocol. I assume this is a different protocol since my iPad appears to still see the update server (or at least is able to confirm that it is current.)
If I leave the port range at 0~0, does that block all ports? The wiki page has no info on this.
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
Posted: Tue Oct 02, 2018 5:05 Post subject:
that's y when you ask something you must start with your router model and current build ...
instead of keep asking more and more questions did you do
any test or ask first is your top priority...
well here we read and test first than ask...
if aint broke don't fix it is very lime....
so you might need an update first...
too old is not a gold... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
