Website Blocking

Discussion in 'Tomato Firmware' started by mikester, Mar 16, 2007.

  1. mikester

    mikester Network Guru Member

    Is there an easy way to set up a default screen for blocked/dropped pages?

    I set up a rule under access restriction to block traffic based on a list of unwanted keywords...kills web ads/spammers/trackers.

    Works well but a little feedback would be nice. Right now the page is left blank. My problem lately is that certain "good" websites have been dropped and I can't figure out if it's a DNS or a WRT issue.

    Ideally I want to make a basic web page with the words "Blocked" whenever the access restriction is in effect.
  2. pharma

    pharma Network Guru Member

    Have you looked into using PeerGuardian or TOR/Privoxy? Since the IPs and names advertisers and trackers use constantly change, getting the latest updates might be a problem. PeerGuardian will give you the history you're looking for -- 'blocked' or 'allowed' IPs based upon "allow/block" lists.
    When using one or both of the above you wouldn't have to worry about manually making the changes yourself every few days.

    What's nice about your idea is it's done at the router. I think ZoneAlarm comes out with a hardware router that has its firewall included. Any "privacy" blocking in this case is done at the router.

    Router link
  3. Hi,

    could you give some details about how you did this website blocking?

    I would love to filter all adult websites for my kids.


  4. mikester

    mikester Network Guru Member

    Hi Fred,

    Under "Access Restriction" create a new rule - I called mine "Keyword Blocking"

    Check off:
    Schedule - all day, every day
    Applies to all

    Under "HTTP Request" text box add a list of your undesirable keywords


    Save your rule and voila...all the nasties are dropped and the user gets a blank web page.


    I've slowly been building my kill list by keeping an eye out for weird connections made by apps like WindowsMediaplayer, Messenger, etc. I was surprised the other day when I played a video from my digital camera and saw that it was connecting to websites like and Zonealarm just let it go by as it uses port 80. One day I'll have to run wireshark and see what info WMP is sending to walmart. M$ buggers are the biggest spyware promoters around.

    I figure I can spam filter myself without some company other than my ISP profiting by selling my internet surfing logs to spammers. If you use the internet for banking I strongly urge you to reconsider using these proxy services as your "security" goes out the door with the third party in between...

    I got the idea from my old NETGEAR router which gave a "Blocked by Netgear" message whenever something failed the packet test.
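
A dry-run check for the kind of keyword list described in this thread, written as an added example that is not part of any poster's message or of Tomato's own code: it reports which keyword would drop a given HTTP request, which helps tell an over-broad keyword apart from a DNS problem. It assumes the rule behaves as a case-insensitive substring match on the Host header and request path; the keywords and requests are constructed samples.

```python
# Constructed sample kill list; not the list used by any poster in the thread.
KEYWORDS = ["ads", "track", "adserver"]

# Constructed requests that should NOT be blocked.
KNOWN_GOOD = [
    "GET /downloads/setup.exe HTTP/1.1\r\nHost: www.goodsite.example\r\n\r\n",
    "GET /music/soundtrack.html HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: news.example\r\n\r\n",
]

def parse_request(raw):
    """Return (host, path) from the head of a raw HTTP/1.x request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    path = parts[1] if len(parts) >= 2 else ""
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
            break
    return host, path

def explain(raw, keywords=KEYWORDS):
    """List (keyword, field) hits; an empty list means the rule would not fire."""
    host, path = parse_request(raw)
    hits = []
    for kw in keywords:
        for field, text in (("host", host), ("path", path)):
            # Assumption: matching is a case-insensitive substring test.
            if kw.lower() in text.lower():
                hits.append((kw, field))
    return hits

def too_broad(keywords, known_good):
    """Map each keyword to the known-good hosts it would cause to be dropped."""
    report = {}
    for raw in known_good:
        host = parse_request(raw)[0]
        for kw, _field in explain(raw, keywords):
            report.setdefault(kw, []).append(host)
    return report

if __name__ == "__main__":
    for kw, hosts in too_broad(KEYWORDS, KNOWN_GOOD).items():
        print(f"keyword {kw!r} would also drop: {', '.join(hosts)}")
```

Here "ads" matches inside "downloads" and "track" inside "soundtrack", so two wanted pages would come back blank even though DNS is working.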
  5. pharma

    pharma Network Guru Member


    That's the reason I started to use PeerGuardian. I noticed some of my p2p downloads were going out on http - port 80. With PeerGuardian it put a quick stop to these and any potentially dangerous IPs, but it is flexible enough to allow you to create point-click "white lists" of IPs to ignore. The updated PeerGuardian list I download every 2 days contains over 7.3 million potentially dangerous IPs, but they have different lists that cover other areas.

    While most of these are advertising/media/internet/software related companies I still like my privacy when engaged in p2p. To give you an idea, sometimes when I download p2p I see occasional blocks on port 80 to Sony Corporation or Time Warner. It could be someone downloading the same file via the corporate network, but why take a chance? I noticed some http blocks here at Linksysinfo.

    So I primarily engage the http block when I'm downloading, and turn it off when I'm not. Any autonomous browsing is done with a TOR/Privoxy proxy (OpenSource) - actually govt employees use this when travelling.

    Anyway I'm glad you're able to do this with Keyword blocking at the router level.
  6. jeradc

    jeradc LI Guru Member

    Can you run PeerGuardian on Tomato?
  7. pharma

    pharma Network Guru Member

    No, PeerGuardian runs with your Operating System and the driver filters packets at the kernel level. In my case it filters the packets before the ZoneAlarm firewall.
