TikTok Block on mobile app

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
connect
DD-WRT Novice


Joined: 01 Mar 2020
Posts: 18
PostPosted: Wed Mar 03, 2021 6:51    Post subject: TikTok Block on mobile app Reply with quote
Hello,


i am unable to block titkon on mobile app using dnsmasq

Firmware: DD-WRT v3.0-r44048 std


address=/musical.ly/0.0.0.0
address=/muscdn.com/0.0.0.0
address=/.musical.ly/0.0.0.0
address=/.tik-tak.co.il/0.0.0.0
address=/tik-tak.co.il/0.0.0.0
address=/.tiktok.com/0.0.0.0
address=/tiktok.com/0.0.0.0
address=/v16a.tiktokcdn.com/0.0.0.0
address=/log.tiktokv.com/0.0.0.0
address=/log.tiktokv.com/0.0.0.0
address=/ib.tiktokv.com/0.0.0.0
address=/api-h2.tiktokv.com/0.0.0.0
address=/v16m.tiktokcdn.com/0.0.0.0
address=/api.tiktokv.com/0.0.0.0
address=/v19.tiktokcdn.com/0.0.0.0
address=/mon.musical.ly/0.0.0.0
address=/api2-16-h2.musical.ly/0.0.0.0
address=/api2.musical.ly/0.0.0.0
address=/log2.musical.ly/0.0.0.0
address=/api2-21-h2.musical.ly/0.0.0.0
Back to top View user's profile Send private message
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12877
Location: Netherlands
PostPosted: Wed Mar 03, 2021 7:36    Post subject: Reply with quote
Nowadays browser and apps can use their own secure DNS. Maybe that is the case here?

You might research using ipset to block websites.

See my signature at the bottom.

Note: if the user is not using DNSMasq (as we suspect) than you have to make the list yourself either by surfing to tiktok from a computer which uses DNSMasq or manually making a list with all the addresses.

Note 2:
We can help you better if you state router model and build number:
To get the best out of DDWRT and the forum read the forum guidelines with helpful pointers:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157
PostPosted: Wed Mar 03, 2021 11:42    Post subject: Reply with quote
As @egc suggests, this strategy *assumes* the client is actually using DNSMasq, which these days isn't always the case. You may be forced to block this traffic using the firewall instead, which acts independently of DNS. Even then, all it takes is a VPN to circumvent even the firewall rules (unless you now want to get into the business of blocking known VPN providers). It's an endless cat and mouse game between the admin and his users.
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
Back to top View user's profile Send private message
connect
DD-WRT Novice


Joined: 01 Mar 2020
Posts: 18
PostPosted: Thu Mar 04, 2021 8:05    Post subject: Reply with quote
I am using Linksys router 1900 ac and yes it seems like dsnmasq is no more effective how can I block this based on IP addresses via firewall? ipset is not available in my build.
Back to top View user's profile Send private message
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157
PostPosted: Thu Mar 04, 2021 9:07    Post subject: Reply with quote
Without ipset support, all you can really do is create firewall rules based on the relevant domain names (or ip addresses, of course).

Code:
iptables -I FORWARD -d xyz.com -j REJECT


If a given domain name resolves to multiple public IPs, it will create multiple firewall rules. But realize that name resolution only occurs *once* at the time the rules are added to the firewall. And so if a given domain name is known to change often, you won't catch the change unless and until the firewall is reinitialized. What you might want to do in that case is a nightly reboot so at least each day you have the latest information. Also, if you introduce an OpenVPN client, it's possible that name resolution may occur over the VPN instead once it's active, which may result in different public IPs. So it's still an imperfect solution.
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
Back to top View user's profile Send private message
RandYanix
DD-WRT Novice


Joined: 08 Mar 2023
Posts: 1
PostPosted: Wed Mar 08, 2023 15:30    Post subject: Reply with quote
IDK about this specific firmware or setup, but I suggest checking the documentation or support forums for DD-WRT to see if there are any specific steps you need to follow to block the app properly. You can also try contacting the TikTok support team for assistance blocking the app on your device. And also, if you're interested in other solutions for blocking TikTok or other apps, check out Smart Engines' website, which offers a range of software solutions for content filtering and parental control. Here's a link to their website: https://smartengines.com/. Good luck!
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum