Guiderails - an auxiliary whitelist only Merlin add-on

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

WhyNetworkAtAll

Occasional Visitor
Guiderails is an add-on to Merlin's AsusWRT firmware. It adds a an auxiliary DNS service that blacklists everything and then selectively whitelists specific servers for a fully controlled and curated internet experience. The typical use case is to enable online education for young kids by blocking ALL internet sites, except for a dozen or two sites manually added by parents/teachers for an online experience that's safe and avoids time wasters.

This is unlike existing parental controls that follow a probabilistic approach based on keywords or based on large lists (e.g. OpenDNS). Note that this does NOT alter your routers primary DNS service, so the rest of your home devices are free to do whatever they want. This means you can use your ISPs/Google's/CloudFlare/PiHole/Diversion DNS service as your router's primary DNS service and Guiderails as your auxiliary DNS service for the little ones.

Please refer to https://github.com/SidShetye/guiderails for installation and usage.
 
Last edited:

L&LD

Part of the Furniture
I like this approach to blacklisting everything by default. I have a few customers that may find it useful for their young ones (or the older ones too when they need to be 'in school' and not just surfing). :)
 

thelonelycoder

Part of the Furniture
I don't see a check for Entware being installed in your script.
While Diversion installs Entware by default, amtm has an independent Entware installer.
 

WhyNetworkAtAll

Occasional Visitor
I don't see a check for Entware being installed in your script.
While Diversion installs Entware by default, amtm has an independent Entware installer.
Good point. Do you have some reference code on how to perform that check? I can simply error out with a help text like "Please install Entware via amtm (see https://github.com/RMerl/asuswrt-merlin.ng/wiki/Entware)". I also think I shouldn't be overwriting the guiderails.conf during installation. because for re-installs, it'll overwrite a user's customized version.
 

thelonelycoder

Part of the Furniture
Good point. Do you have some reference code on how to perform that check? I can simply error out with a help text like "Please install Entware via amtm (see https://github.com/RMerl/asuswrt-merlin.ng/wiki/Entware)". I also think I shouldn't be overwriting the guiderails.conf during installation. because for re-installs, it'll overwrite a user's customized version.
I run two tests that might be useful to you.

This is a basic test for Asuswrt-Merlin:
Code:
[ -f /usr/sbin/curl ]
And this checks for Entware being present:
Code:
[ -f /opt/bin/opkg ]
Also, since you use a virtual IP, a check needs to be run against Access restriction in Administration > System.
If set, a rule needs to be added, the code is in the Diversion install.div file set_access_restriction() function to add an exception.
To remove the access restriction, see functions.div at the bottom in function remove_diversion().

When re-installing, do a test if the config file is present and prompt the user with an option to overwrite or not.

And think ahead and add a menu driven user interface so less technical users are able to use your script, with the advantage of your script being ready to be added to amtm at some point.
 

WhyNetworkAtAll

Occasional Visitor
I run two tests that might be useful to you.

This is a basic test for Asuswrt-Merlin:
Code:
[ -f /usr/sbin/curl ]
And this checks for Entware being present:
Code:
[ -f /opt/bin/opkg ]
Also, since you use a virtual IP, a check needs to be run against Access restriction in Administration > System.
If set, a rule needs to be added, the code is in the Diversion install.div file set_access_restriction() function to add an exception.
To remove the access restriction, see functions.div at the bottom in function remove_diversion().

When re-installing, do a test if the config file is present and prompt the user with an option to overwrite or not.

And think ahead and add a menu driven user interface so less technical users are able to use your script, with the advantage of your script being ready to be added to amtm at some point.
The entware check is simple but the rest starts snowballing. IMHO, a better option would be if Guiderails was simply another option on your Diversion 'b' (blocking) menu. The code for Guiderails is small and configuration is fully independent. I hope you consider it.
 

thelonelycoder

Part of the Furniture
The entware check is simple but the rest starts snowballing. IMHO, a better option would be if Guiderails was simply another option on your Diversion 'b' (blocking) menu. The code for Guiderails is small and configuration is fully independent. I hope you consider it.
I like the idea, though it diverts from Diversions main purpose.
May have to bend my conservative rules a bit there ;)

As this requires a separate set of whitelist and blacklist and maybe even a third blocking list, this will take some time to add to Diversion.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top