SEARCH

How-To Geek

How To Block Web Sites at the Router Level for Network Wide Filtering

routerheaderimage

A comprehensive network filtering system is overkill if all you want to do is block a handful of web sites. Read on as we show you how—with nothing more than your router—you can selectively block and temporarily restrict individual websites.

For many people a massive commercial internet filter is overkill. What if you just want to block Facebook when your kids are supposed to be doing their homework or Reddit when you’re supposed to be getting work done? You don’t need a huge system for that, all you need is the access restrictions module in your router. Today we’re looking at how you can quickly and easily block traffic on your network using router-based access restrictions.

What You’ll Need

whatyouneedtomato

For this tutorial you’ll won’t need much and you won’t have to spend a dime. Before proceed make sure you have the following things:

  • A Tomato compatible router
  • A copy of Tomato on the router
  • Administrative access to the router

We’re going to go through the tutorial as using a Linksys router running Tomato custom firmware. The steps we’re taking are largely equivalent to the DD-WRT system (you can read about selective domain blocking for DD-WRT here). If you don’t have Tomato installed on your router check out our guide to installing Tomato here. If you have it installed and you have administrative access (you know the login password for the control panel) then you’re ready to proceed.

Setting Up URL Filters in Tomato

2011-11-22_131534

For our example we’re going to setup both a total ban and a time-based ban on the social news site Reddit. Reddit fans among us will attest to the fact that the site, as fun as it can be, is an enormous time sink and a great productivity killer. First let’s take a look at the Access Restriction module in Tomato. Navigate to your router control panel, typically an address like http://192.168.1.1 and plug in your credentials. Once you’re in the main panel navigate to Access Restriction in the left hand menu—seen above. Click on it to enter the sub-menu. If you’ve never used the feature before all you’ll see in the Access Restriction Overview section is a disabled example entry like so:

2011-11-22_132959

Just beneath the example entry, to the right, is the Add button. Click that now to create your first entry.

For our first entry we’re going to make a filter, called Reddit Killer, which blocks Reddit all day, every day. Change the description name from New Rule to Reddit Killer, check All Day and Everyday, leave Applies to as All Computers/Devices, and then uncheck Block All Internet Access—if you don’t check this part, you won’t be able to specify what exactly you want to block. It should look like this:

2011-11-22_133429

When you unchecked Block All Internet Access, an entire new portion of the menu unfolded beneath the initial entry. Within this portion of the menu is where we’re going to specify the sites we want to block. 

 

Leave the Port/Applications section alone (these settings allow you to get more granular control over your filters such as filtering only BitTorrent or a specific port). In the HTTP Request section enter reddit.com and then, at the bottom right corner, click Save.

2011-11-22_140651

Back at the main screen you should see the new filter, Reddit Killer, with it’s rather encompassing “Everyday” schedule. Let’s take a look at Reddit and see if our filter is active:

2011-11-22_144143

Reddit is down? Well then. We’d better get back to work. Our filter is great success.

If you’re not quite ready for a full Reddit fast but you’d like to at least keep it shut off while you’re trying to focus on work, you can easily modify the scheduling component to, say, restrict access between 8AM and 5PM on the weekdays. Let’s click on Reddit Killer now so we can edit it.

2011-11-22_142424

Uncheck All Day and Everyday, then in the new options which have appeared, select 08:00-17:00 and Monday through Friday. While we’re at it, let’s update the Description to better reflect the purpose of the filter. Since we’re restricting access to the evenings, we’ll call our new filter Reddit Tonight.

To register the changes, click save down in the lower right corner. If you wish to further massage the settings (such as applying the restrictions to only certain computers) you can pull down the Applies To menu and create white/black lists of computers that are restricted or unrestricted. You can also easily expand your filter by adding new lines into the HTTP request box. Instead of just a Reddit Killer it could be expanded to include all the web sites you routine kill time on (Reddit, Facebook, Fark, and so on). In addition to filtering web sites you can also set up keyword filters. In short, if it’s travelling through your network you can find a way to filter it in the Access Restrictions menu.


Have a clever technique for getting more out of Tomato and/or filtering time wasting web sites and other undesirable content? Let’s hear about it in the comments.

Jason Fitzpatrick is warranty-voiding DIYer and all around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on if you'd like.

  • Published 11/22/11

Comments (8)

  1. Taylor Gibb

    I Like :)

  2. chess

    Reddit blocked! What! That’s is not cool. j/k

  3. Scott

    I just use Open DNS Basic at home. Filters out all bad malware and phishing sites for me. I could block websites if I wanted…..but I choose not to.

    http://www.opendns.com/

  4. InDiSent

    Can i make it give a custom message? I’d like to block Facebook and then have a message pop up that says something like ” If you ever want to see Facebook again you’ll bring me a beer!!!”

  5. Flea

    You can also block ads in a similar manner to adblockplus in firefox.
    http://www.linksysinfo.org/index.php?threads/addon-add-blocking.25663/

    Basic instructions:
    Go to your Tomato Web Interface ( default: http://192.168.1.1 )
    Navigate: Administration -> Scripts -> WAN Up
    Copy the contents of the box below and paste it into the empty area (you do not have to chnage anything)
    Click the SAVE button at the bottom of the box.
    To enable the script: restart the router or disconnect and reconnect the WAN/internet connection.
    To test: navigate to a website with lots of adverts. (eg: http://pagead2.googlesyndication.com )

    You’ll have to go to the link to get the full script.

  6. Forrest Cool

    Reddit tonight~ Wow, what a shining moonlight~

  7. Bob

    OpenDNS is not time based, and doesnt block unrated sites – this is clever, will have to see if I can load it on my router

  8. Zio_Excel

    My Dad used to do this when me and my bro were kids to stop us watching porn, as well as use RD to see what we were up to. Now i know how to do it with my kids one day! Hahaha

Enter Your Email Here to Get Access for Free:

Go check your email!