Block website when wan failsover

[JShafer817]

Hi, I am using a Netgear 4G LTE Modem as a secondary wan device, but want to block netflix when the WAN failsover... You guys know a script that does this? New to using Asus Merlin.... but figured it was possible.

The netgear can be pinged with 192.168.5.1, even when it is in bridge mode, so maybe that will help.

 

[Martineau]

Hi, I am using a Netgear 4G LTE Modem as a secondary wan device, but want to block netflix when the WAN failsover... You guys know a script that does this? New to using Asus Merlin.... but figured it was possible.

The netgear can be pinged with 192.168.5.1, even when it is in bridge mode, so maybe that will help.

First you need a script to collect ALL of the Netflix domains/IP Addresses......see @Xentrk's excellent thread Selective Routing for Netflix, then you would add/delete this rule in the /jffs/scripts/wan-start script

iptables -I FORWARD -i br0 -o ppp0 -p tcp -m set --set NETFLIX dst,dst -j DROP

based on this NVRAM variable:

USB4G_ACTIVE=$(nvram get wan1_primary)

which hopefully still indicates that Dual-WAN Fail-Over (fo) has occurred.

P.S. I would have to check if the NVRAM and pppX interface are still valid...been a long time since I played with Dual-WAN Fail-Over.

 

[JShafer817]

Thanks! This is what I came up with. I decided to just ban the internet to the roku boxes that play netflix. Thanks again for your help.

Not sure why I have to sleep 60. When I run iptables -L over and over again after failover or failback, I notice the rules get set, but after like 45 seconds or so.. the rules get reset.. hence the sleep 60 so there is plenty of time. Is there more then 1 table per wan I wonder?

/jffs/scripts/wan-start

#!/bin/sh
sleep 60
USB4G_ACTIVE=$(nvram get wan1_primary)
if [ $USB4G_ACTIVE -eq 1 ]
then
iptables -I FORWARD 1 -s 192.168.1.51 -j DROP
iptables -I FORWARD 1 -s 192.168.1.52 -j DROP
iptables -I FORWARD 1 -s 192.168.1.53 -j DROP
iptables -I FORWARD 1 -s 192.168.1.54 -j DROP
iptables -I FORWARD 1 -s 192.168.1.55 -j DROP
echo "ban" > /tmp/netflix.txt
exit 0
fi
if [ $USB4G_ACTIVE -eq 0 ]
then
iptables -D FORWARD -s 192.168.1.51 -j DROP
iptables -D FORWARD -s 192.168.1.52 -j DROP
iptables -D FORWARD -s 192.168.1.53 -j DROP
iptables -D FORWARD -s 192.168.1.54 -j DROP
iptables -D FORWARD -s 192.168.1.55 -j DROP
echo "unban" > /tmp/netflix.txt
exit 0
fi