Javier López

block youtube by IP in openwrt routers

26 Nov 2017

In previous posts I wrote about how to install openwrt as an access point or as a wireless repeater, this time I’ll show how to block youtube and other third party sites by ip. The procedure works in desktop / and mobile devices.

The target router is a TP-Link N750, and I’m using the latest trunk build.

OpenWRT uses UCI to centralize configuration, firewall rules are located at:

• /etc/config/firewall

In order to block sites by IP you’ll need to modify such file appending the desired rules, eg. for blocking YouTube:

config rule
	option name		Block-YouTube-187.189.89.77/16
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		187.189.89.77/16
	option target		REJECT

config rule
	option name		Block-YouTube-189.203.0.0/16
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		189.203.0.0/16
	option target		REJECT

config rule
	option name		Block-YouTube-64.18.0.0/20
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		64.18.0.0/20
	option target		REJECT

config rule
	option name		Block-YouTube-64.233.160.0/19
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		64.233.160.0/19
	option target		REJECT

config rule
	option name		Block-YouTube-66.102.0.0/20
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		66.102.0.0/20
	option target		REJECT

config rule
	option name		Block-YouTube-66.249.80.0/20
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		66.249.80.0/20
	option target		REJECT

config rule
	option name		Block-YouTube-72.14.192.0/18
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		72.14.192.0/18
	option target		REJECT

config rule
	option name		Block-YouTube-74.125.0.0/16
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		74.125.0.0/16
	option target		REJECT

config rule
	option name		Block-YouTube-173.194.0.0/16
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		173.194.0.0/16
	option target		REJECT

config rule
	option name		Block-YouTube-207.126.144.0/20
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		207.126.144.0/20
	option target		REJECT

config rule
	option name		Block-YouTube-209.85.128.0/17
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		209.85.128.0/17
	option target		REJECT

config rule
	option name		Block-YouTube-216.58.208.0/20
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		216.58.208.0/20
	option target		REJECT

config rule
	option name		Block-YouTube-216.239.32.0/19
	option src		lan
	option family		ipv4
	option proto		all
	option dest		wan
	option dest_ip		216.239.32.0/19
	option target		REJECT

Ensure to reboot the firewall service to apply the changes:

# /etc/init.d/firewall restart

That’s it, happy blocking 😋

• Tl-wdr4300 in OpenWRT
• OpenWRT Firewall Documentation
• YouTube IP Range

Related Entries:

• 01 Jan 2012 » bash autocompletion
• 26 Jan 2014 » introduction to drupal 7 installation profiles
• 22 Aug 2018 » minos, a tiling wm linux distribution