[fre]

Dear community,

I'm using a Linksys WRT1900ac v1 with latest DD-WRT version (33492). I would like to setup some access restrictions by IP-address, but I can't manage to set it up.
Starting from a fresh DD-WRT install, this is what I do in the access policy tab:
- Policy number 1
- status = enable
- Policy Name = test
- pc's: I give a range 192.168.1.2 ~ 192.168.1.254
(I do not touch individual IP's or MAC addresses)
- I choose filter
- days: everyday
- times: 24 hours
- blocked services: I change nothing
- Website blocking by URL: I fill in www.google.com and www.google.be
I click 'save' and 'apply settings'.

When I go to www.google.be or www.google.com with my PC on the same lan (ip address 192.168.1.116 (dhcp)), it has access to these sites, it isn't blocked at all.

Same story when I want to block by keyword. When I fill in "facebook", guess what ... I still have access to facebook....

Is this a known issue, or is it something I do wrong?
I've tried with older versions of DD-WRT, but it simply doesn't block at all....

[spuriousoffspring]

There is an issue with SFE (Shortcut Forwarding Engine) interfering with several functions. You may want to try disabling it.
Setup - Basic Setup - Optional Settings

However, that’s about to become the least of your problems. The WRT1900AC v.1 does not work well with the newer builds that have the 4.9 Kernel Version.
*Causes frequent self-rebooting.

The last stable build for your router was 2 May 2017 - r31924.

It was pulled from the FTP for an unrelated issue, but can be downloaded here:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=310706

More info:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=309686

[fre]

Thank you !

I've flashed the latest stable version 31924.
Although, the same problem concerning access restrictions remains with this version. I guess I will just have to accept it and find another solution.

[ad19]

@fre, I tried it with keyword blocking and it worked for me. See attached screenshots.
The only thing is that I am on 3200acm but that should not make any difference to the software feature.



-----------------------
WRT3200ACM - Firmware: DD-WRT v3.0-r33413 std (09/27/17)

[spuriousoffspring]

There is another option. You can sign up for a free account at Open DNS (Cisco Umbrella).
They allow customization of filters.

https://www.opendns.com/home-internet-security/

https://support.opendns.com/hc/en-us/articles/227988127-Configuring-OpenDNS-on-your-Network

After you create an account & setup your filtering you will need to change the DNS Servers in DD-WRT.

Static DNS 1: 208.67.222.222
Static DNS 2: 208.67.220.220

[ad19]

@spuriousoffspring no need to change the DNS servers. You can enable DNS crypt resolver under services and use Cisco OpenDNS.

[spuriousoffspring]

Thanks, I forgot about dnscrypt as I don’t use it. Also, I use Level3 DNS Servers.

Static DNS 1: 209.244.0.3
Static DNS 2: 209.244.0.4

When I have VPN Enabled - OpenDNS servers will be on the opposite side of the Country.

With Level3 - the DNS servers will almost always be in the same State as VPN server.

Free & Public DNS Server List:
https://www.lifewire.com/free-and-public-dns-servers-2626062

[spuriousoffspring]

I thing I am unsure of:

If you configure an OpenDNS account for specific filtering, will those filters be applied by only by selecting OpenDNS / OpenDNS FamilyShield resolvers in dnscrypt?
Or...
Will you also need to set router’s DNS to OpenDNS as well?

[ad19]

You don't need to set the router's DNS although it can also be done. But selecting OpenDNS FamilyShield in dnscrypt should suffice.

[spuriousoffspring]

[ad19]

If memory server me right, I think you can add custom filters to your account too, over and above the pre-configured filters. I used it some time back but am not using it now.
Along with setting up the account, you also need to update your IP address in the account. If you have dynamic IP assigned, you need a small service on your laptop that will update the current IP address to your OpenDNS account.

[spuriousoffspring]

Yes, you can add your own filters. Also, after creating an account the OpenDNS Dashboard will auto-detect your current IP.

https://dashboard.opendns.com

This is also where you customize your content filtering.

What I am not certain of is if you must have OpenDNS set as your router's primary & secondary DNS in order for the added filtering to be applied or if simply setting OpenDNS as your dnscrypt resolver will do.

[ad19]

Just setting OpenDNS as your dnscrypt resolver will do. It worked in my case. I never set the DNS resolvers in router.

[ad19]

Cisco also has a link to test your setting, if you are using their DNS. Just click on that link and it will tell you if you are using the correct service.

[spuriousoffspring]

Thanks!

I logged in to my OpenDNS Dashboard which I haven’t done in awhile.

I found the software you mentioned:
Under Support Tab there’s a link to download Client Side Software for Windows & Mac to keep your dynamic IP updated.

Also, you can customize your filtering by a single IP or a range of IP Addresses.
You don’t have to use FamilyShield. The standard OpenDNS has different levels of filtering as well as customize.

I’m not entirely sure why you would block Facebook and not porn.....wait.....never mind that makes perfect sense.