WikiDevi.Wi-Cat.RU:DD-WRT/Blocking URLs/IPs

Block URLs with an Automatically Downloaded Host File
I have kept the original script, which is below this one. This one is much shorter, but does even more checking than the other one. It tries to download the file at least 5 times after startup An even better solution is offered in my set of optware scripts where it will also run pixelserv on the router. I didn't like the cronjob approach because the list is quite static.

frater Braian87b - Edit Note : 2013-02-03 The URL actually redirects to: http://winhelp2002.mvps.org/hosts.txt you could use it instead. You see the "/tmp/dlhosts" filepath? well you need to add that as "addn-hosts=/tmp/dlhosts" (without quotes) to "Additional DNSMasq Options" textbox and enable the three "DNSMasq", "Local DNS", "No DNS Rebind" checkboxes. Or you can add this line (it will add the addn-hosts setting to dnsmasq.conf file)

IMHO the following script is deprecated, but I left it for comparison.

This was originally taken from mraneri from the Linksys forum, but was heavily modified. This script automatically downloads a host file from: "http://www.mvps.org/winhelp2002/hosts.txt" and redirects all the URLs in that file to 127.0.0.1. All those URLs are common malware or advertisement sites so is better to block them. You can also download the file, modify it with new URLs that you want to block or delete the ones you don't want to block and then upload to a web site and change the URL in the code to your custom one. Be aware that the more URLs in the file the more RAM that you will be eating from your router. Check the file size and your free memory to see if it will suit you. If not just erase some URLs... If you want to block all URLs since the router boots then just placed in the startup scripts.

--Brueggmann 10.17.2010 - I've modified the "killall" line as sending a HUP didn't reread the configuration file for me. Please see the dnsmasq man page.

Update by Aviad (A.K.A. Hotfortech): While the above works just fine, there are two main disadvantages of the above method:

1. The blocked content will be shown as "page cannot be displayed" within the websites advertisement segments and will cause the page to not load until the browser gives up on the missing object.

2. If you want to add sites to the block list, you have to do it on a per host bases... (tedious)

Enter shameless self promotion -> I have created a script on my wiki that deals with the above and more by using the pixelserv method described in the forum. you can find the script and a detailed explanation on how it works on my wiki: http://hotfortech.wikispaces.com/How+to+remove+advertisements+with+pixelserv+on+DD-WRT

Hope this helps anyone.

BobLfoot - Edit Note : 2011-01-14 added line "dnsmasq --conf-file=/tmp/dnsmasq.conf" to the script as it was stopping dnsmasq, but not restarting it. Also found that adding " grep addn-hosts /tmp/dnsmasq.conf ||	echo " " >>/tmp/dnsmasq.conf made sure that the dnsmasq.conf addition went on a new line. Script might be made leaner through \n usage but that is untested.

Braian87b - Edit Note : 2013-02-03 In addition you can add this firewall script to Intercept all DNS requests to dnsmasq even if someone in network has manual added their own DNS addresses in their Device (PC, Laptop, Smart Phone, etc...).

Global Blacklisting per MAC
If you have a lot of DD-WRT routers, then denying of access for abusing users through the web interface of each router can be time consuming. Here is a small firewall script to automatically download MAC-addresses of computers that should be denied access. The format of the file is Unix textfile one MAC address per line. The script assumes that you have a jffs partition. You can run it at startup by saving it as /jffs/etc/config/wifi_bl.wanup

White Listing
If you want to create a white list to block access by default but allow certain traffic through, then you can use this script to do it. Remove any junk comment lines beginning with # to save nvram space. Discuss here.

Version 6

 * Ad_blocking