Comments on: How To: Block Access To Specific Websites from your Router using Tomato Firmware

By: How to block a website by its IP address(s) in Tomato firmware for routers

How to block a website by its IP address(s) in Tomato firmware for routers — Sat, 01 Jun 2013 21:50:52 +0000

[...] https://www.linuxquestions.org/quest…096/page2.html http://r3dux.org/2009/12/how-to-bloc…mato-firmware/ [...]

By: cspyr0

cspyr0 — Sun, 12 May 2013 00:55:58 +0000

Nice examples, thanks!

I would point out that it doesn’t really use regex, though. As far as I can tell, it only uses the caret (^) and dollar ($) signs, which work as they do in regex, but it doesn’t include anything useful beyond that (which is a shame, because with full regex syntax it would be easy to make this into a whitelist instead of a blacklist).

By: Chris

Chris — Tue, 05 Mar 2013 20:08:10 +0000

I used this to block Pandora at work! (we have a 1.5 Mbps connection!)

By: r3dux

r3dux — Wed, 16 Jan 2013 11:01:47 +0000

I'd prolly just use adblock plus for something like that: http://adblockplus.org/

By: licess

licess — Tue, 15 Jan 2013 03:36:45 +0000

how to only block a url like nownews.com/include_v11/js/ad_tab.js
thanks

By: r3dux

r3dux — Fri, 21 Dec 2012 05:40:17 +0000

Can this be done?
Yes.

Would this plan work well?
Hard to say – although you can set up the router to restrict access and remotely administer the router, the user will have physical control of the router – which means that they can just turn it on and hold the reset button for a while to return the router to default settings. You would then know that the router had been tampered with by the fact you can no longer remotely administer it !

Personally, I don’t think it’s a great idea. From my understanding of what you’re up to, I think you’d be better off setting up a VPN for the users to connect into and write a nice clear VPN access guide for them to be able to actually hook in.

By: Chris

Chris — Thu, 20 Dec 2012 15:17:13 +0000

We run virtual call centers and are hiring agents from throughout the US. I would like to send new employees specific routers to use and preset them to allow only the sites we want them to access during working hours, but it is essential that I can adjust these settings remotely. Can this be done? Would this plan work well?

By: r3dux

r3dux — Sat, 08 Dec 2012 06:11:14 +0000

I don’t think so… But you can kinda bodge it:

In theory, you could divide your network into two subnets: one for all normal PCs, and one for the specific PC you want to restrict.

You could then assign a static IP address to the PC you want to restrict so that it ends up in the restricted subnet.

You could then force all PCs in that restricted subnet to redirect DNS enquires to the on-router DNS service, which you would fill with precisely nothing — except the domains you want to make available.

This means that all lookups except for the sites specified will fail, but users could (if savvy enough) just go to a site by it’s IP address.

Sounds like a lot of hassle to me, and a bit rubbish. So I just hit Google up for “tomato firmware whitelist” and found this IPTables script – first hit:
http://tomatousb.org/forum/t-270922/access-restriction-with-whitelist

God bless the Internets

By: FollowSteph

FollowSteph — Sat, 08 Dec 2012 04:43:25 +0000

Is there a way to block all domains/ips from a specific computer except those that you whitelist. In other words I want to block everything except what I explicitely allow on a specific computer.

By: r3dux

r3dux — Tue, 13 Dec 2011 09:54:35 +0000

Great solution – thanks for taking the time to share =D