RT-AC66U B1 - Can MerlinWRT firmware do whitelist only website access to the web?

[Fizix]

All,

My mother-in-law is having memory issues and i would like know if the MerlinWRT firmware for the RT-AC66U B1 has a setting(s) that I can use as a whitelist for FQDN sites so she can only access sites I set up?

Otherwise I will have set it as an AP and use a separate firewall appliance.

Just thought I would check first.

P.S. It is currently on ASUS stock firmware.

Fizix

 

[Tech9]

It is currently on ASUS stock firmware.

This?

 

[Fizix]

Tech9,

Thanks! This could work if it accepts wildcard characters or allows it if it partially matches the string. So that way I can whitelist *.google.com or similar, but I do not expect it does, but the only way to find out is to give it a try. I will do that before I buy an SG-1100 for this. I will search to see if I can find what is allowed in the syntax. It may be that if it matches enough of the string it can get through and that would work.

Any other comments are also welcome.

Fizix

 

[Fizix]

P.S. I think the 64 entry limit is more than sufficient.

 

[ColinTaylor]

I will search to see if I can find what is allowed in the syntax.

See the example shown on that page. It's pretty basic.

 

[Fizix]

Actually I think ASUS can override any DNS server with the one provided by the router. Then I could use OpenDNS home basic which also has some customization. No need for a pfSense router. pfSense is what I use at home and it is great.

See the example shown on that page. It's pretty basic.

I saw that but it is incomplete. It will be experimentation to see what it does with whitelisting.
THANKS!

 

[Fizix]

All,

I think I am a little spoiled by some of the pfSense capabilities. The ASUS router cannot redirect DNS requests if it is manually assigned locally, but the pfSense router can. If you want it to you make a rule that any DNS requests get rerouted to the internal firewall which reroutes it to the assigned DNS. This keeps people (our kids in this case) from overriding it by manually setting it in their local settings.

I have tested it and it works. I also made a list of a couple of machines that are exceptions.

May still try the ASUS method, because the Mother-in-law is not tech savvy enough to get around it, and I already have the old RT-AC66U B1 sitting on a shelf

Thanks for all the input folks.

Fizix

 

[ColinTaylor]

I think I am a little spoiled by some of the pfSense capabilities. The ASUS router cannot redirect DNS requests if it is manually assigned locally, but the pfSense router can.

Merlin's firmware has this option. It's called DNS Director.

 

[Fizix]

Merlin's firmware has this option. It's called DNS Director.

Maybe one more reason to try my first MerlinWRT load on an ASUS device! Up to now I haven't tried it yet.
First time for everything!

 

[ColinTaylor]

Just be aware that DNS Director can redirect traditional DNS and block DoT, but it cannot detect DoH. With more and more browsers defaulting to DoH this is problematic. You can set the router option "Prevent client auto DoH" to Yes, but clients may still choose to ignore it (or use a VPN/proxy).

 

[Fizix]

Well she is definitely not that tech savvy!!! LOL
Good information. Thanks!