Menu
What's new
By:
Filters Better Search

Blocking specific apps on router or in scripts

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

T

Tbjeffee

New Around Here
Hello, I'm wondering if it's possible to block specific apps on the home network?
My niece seems to have made it a habit to grab grandma's, moms and dads debit/credit cards and spend money on Roblox. Her mother finally decided to block her use of Tik Tok (bad influence and the people she's talking to) and Roblox. I would like to ban the use of these while she is here but I have having trouble. I'd like to avoid setting up pi-hole (as I don't own a Raspberry Pie) when my RT-AC3100 is already doing most of the other things it does.

So far as of posting this I've only been successful in blocking the website in a browser but the apps still function as normal.

Things I've done.
Used YazFi to make a guest network using OpenDNS and blocking domains there. Even the websites were still working after blocking. It only allows 25 entries and the list for tiktok i've seen is massive.
Blocked these IP ranges for tiktok in Skynet; 103.136.220.0/24 and 103.136.221.0/24. Can't seem to block the ipv6 range.
wildcard blocked tiktok.com, roblox.com and rbxcdn.com in diversion. Since then the websites are blocked in the browser but the apps still function.

So is there anything I can do? I've found the regex list people use in pi-hole. Can that be used with a script for Asus-merlin?
I've also found Pfsense threads with lists to block everything from bytedance, is there somewhere I can import that?


Thanks for the assistance.

Router is an Asus RT-AC3100
Asus-Merlin version 384.18
install scripts:
Diversion
Skynet
YazFi
uiDivStats
Entware Packages for above scripts

I used to have unbound but I kept having DNS problems so I removed it and had to factory reset to resolve the issues after it was removed.
 
Be forewarned, blocking it not always possible. Most blocking schemes are based on manipulating DNS, but this assumes the app uses DNS! Nothing prevents the app from using explicit public IPs, or even a VPN! Just depends on how much effort the developers are willing to expend to get around your restrictions.

Still worth trying of course, but just realize that in the end, it's almost impossible to stop access to a domain/ip unless somehow you can find each and every one they use (and that's sometimes not an easy task) and block it at the firewall level, NOT DNS. Even then, they could change their domains/ips all the time to thwart even that.
 
Tbjeffee said:
Hello, I'm wondering if it's possible to block specific apps on the home network?
My niece seems to have made it a habit to grab grandma's, moms and dads debit/credit cards and spend money on Roblox. Her mother finally decided to block her use of Tik Tok (bad influence and the people she's talking to) and Roblox. I would like to ban the use of these while she is here but I have having trouble. I'd like to avoid setting up pi-hole (as I don't own a Raspberry Pie) when my RT-AC3100 is already doing most of the other things it does.

So far as of posting this I've only been successful in blocking the website in a browser but the apps still function as normal.

Things I've done.
Used YazFi to make a guest network using OpenDNS and blocking domains there. Even the websites were still working after blocking. It only allows 25 entries and the list for tiktok i've seen is massive.
Blocked these IP ranges for tiktok in Skynet; 103.136.220.0/24 and 103.136.221.0/24. Can't seem to block the ipv6 range.
wildcard blocked tiktok.com, roblox.com and rbxcdn.com in diversion. Since then the websites are blocked in the browser but the apps still function.

So is there anything I can do? I've found the regex list people use in pi-hole. Can that be used with a script for Asus-merlin?
I've also found Pfsense threads with lists to block everything from bytedance, is there somewhere I can import that?


Thanks for the assistance.

Router is an Asus RT-AC3100
Asus-Merlin version 384.18
install scripts:
Diversion
Skynet
YazFi
uiDivStats
Entware Packages for above scripts

I used to have unbound but I kept having DNS problems so I removed it and had to factory reset to resolve the issues after it was removed.
Click to expand...
I recommend looking into the block feature of Skynet, option 2.

Code: 
Select Menu Option:
[1]  --> Unban
[2]  --> Ban
[3]  --> Malware Blacklist
[4]  --> Whitelist
[5]  --> Import IP List
[6]  --> Deport IP List
[7]  --> Save
[8]  --> Restart Skynet
[9]  --> Temporarily Disable Skynet
[10] --> Update Skynet
[11] --> Settings
[12] --> Debug Options
[13] --> Stats
[14] --> Install Skynet
[15] --> Uninstall

[r]  --> Reload Menu
[e]  --> Exit Menu

[1-15]: 2

What Type Of Input Would You Like To Ban:
[1]  --> IP
[2]  --> Range
[3]  --> Domain
[4]  --> Country
[5]  --> ASN

use nslookup to find the ip for a domain.
Code: 
# nslookup tiktock.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      tiktock.com
Address 1: 35.186.238.101 101.238.186.35.bc.googleusercontent.com

Use entware utility "whob" to find the ASN associated with the IP address.
Code: 
# whob 35.186.238.101
IP: 35.186.238.101
Origin-AS: 15169
Prefix: 35.186.0.0/16
AS-Path: 2905 15169
AS-Org-Name: Google LLC
Org-Name: Google LLC
Net-Name: GOOGLE-CLOUD
Cache-Date: 1597564606
Latitude: 37.405992
Longitude: -122.078515
City: Mountain View
Region: California
Country: United States
Country-Code: US
 
Tbjeffee said:
Hello, I'm wondering if it's possible to block specific apps on the home network?
My niece seems to have made it a habit to grab grandma's, moms and dads debit/credit cards and spend money on Roblox. Her mother finally decided to block her use of Tik Tok (bad influence and the people she's talking to) and Roblox. I would like to ban the use of these while she is here but I have having trouble. I'd like to avoid setting up pi-hole (as I don't own a Raspberry Pie) when my RT-AC3100 is already doing most of the other things it does.

So far as of posting this I've only been successful in blocking the website in a browser but the apps still function as normal.

Things I've done.
Used YazFi to make a guest network using OpenDNS and blocking domains there. Even the websites were still working after blocking. It only allows 25 entries and the list for tiktok i've seen is massive.
Blocked these IP ranges for tiktok in Skynet; 103.136.220.0/24 and 103.136.221.0/24. Can't seem to block the ipv6 range.
wildcard blocked tiktok.com, roblox.com and rbxcdn.com in diversion. Since then the websites are blocked in the browser but the apps still function.

So is there anything I can do? I've found the regex list people use in pi-hole. Can that be used with a script for Asus-merlin?
I've also found Pfsense threads with lists to block everything from bytedance, is there somewhere I can import that?


Thanks for the assistance.

Router is an Asus RT-AC3100
Asus-Merlin version 384.18
install scripts:
Diversion
Skynet
YazFi
uiDivStats
Entware Packages for above scripts

I used to have unbound but I kept having DNS problems so I removed it and had to factory reset to resolve the issues after it was removed.
Click to expand...
Are you using DNS Filters to force all devices to resolve through the router? I tried wildcard blocking tiktokv.com, tiktokcdn.com and everything Tiktok related broke.
 
An end optio
ColinTaylor said:
Answered here:
http://www.snbforums.com/threads/re...ewall-security-enhancements.16798/post-510825
Click to expand...

Thanks for the link, page never came up in my searches.


Yo_2T said:
Are you using DNS Filters to force all devices to resolve through the router? I tried wildcard blocking tiktokv.com, tiktokcdn.com and everything Tiktok related broke.
Click to expand...

On the guest network using YazFi I enabled the force DNS option so I didn't get around the OpenDNS settings i made and my main PC has the program downloaded to refresh my IP for the DNS settings.
I added wildcard blocking for those two domains and tiktok is still working.


Thanks for the replies. I will the these settings suggested in the thread.
 
Last edited:
Last edited:
You must log in or register to reply here.

Similar threads

D
Blocking GoogleDNS & others via Diversion, Firewall-NSF &/or static routing
Replies
11
Views
1K
drinkingbird
drinkingbird
S
Another DNS Director clarification
Replies
1
Views
475
L&LD
L&LD
D
Solved Diversion 5.0 no type 65 blocking?
Replies
2
Views
653
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
M
Blocking torrents on my network
Replies
15
Views
2K
abidarwish
abidarwish
C
Asus RT-AX56U Parental control issues
Replies
8
Views
2K
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
S VPN blocking MMS text messages Asuswrt-Merlin 8
B Time Scheduling blocking internet access on newest firmware Asuswrt-Merlin 9
I Blocking a device from sending DNS requests? Asuswrt-Merlin 1
macster2075 Solved Help blocking incoming traffic Asuswrt-Merlin 23
halcy0n9001 Time scheduling not blocking devices Asuswrt-Merlin 2
D Blocking GoogleDNS & others via Diversion, Firewall-NSF &/or static routing Asuswrt-Merlin 11
J AX86U constantly blocking repeated inbound connections Asuswrt-Merlin 7
drinkingbird Where is asus blocking ARP for guests? Asuswrt-Merlin 1
E Is there a way to switch a led to a specific colour by calling into a c program ? Asuswrt-Merlin 10
P Is there a way to suppress a specific message from syslog? Asuswrt-Merlin 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 866 (members: 12, guests: 854)
Top