For many reasons (privacy, security, politics, etc.), you might already be using a few ways to avoid getting (or being sent) some information on the Internet.
For example: Enhanced Tracking Protection in Firefox to avoid being tracked by websites, an ad blocker on your computer or phone, avoiding some websites or apps, or a VPN to avoid being monitored by your Internet service provider.
In this blog post, I'm going to show you how to block IP addresses.
The two main ways are:
The Easier Way
DNS blocking on NextDNS
Almost all websites and apps rely on DNS to locate and identify servers, so a customizable DNS server will satisfy most of your needs. A free service is already available on today's Internet.
It supports many protocols and platforms and comes with a clean web management page. Many blocklists, TLD blocking, and custom lists are available.
Home Router Way
DNS blocking on OpenWrt
On my OpenWrt router I use two DNS-related packages.
OpenWrt Documentation DoH with Dnsmasq and https-dns-proxy
opkg install https-dns-proxy luci-app-https-dns-proxy
OpenWrt Package DNS based ad/abuse domain blocking
opkg install adblock luci-app-adblock
If you enable Force Router DNS in https-dns-proxy and install adblock, DNS queries (TCP/UDP on port 53 or 853 by default) will be hijacked and filtered by
Large sources require a lot of RAM, and adblock doesn't support some features that NextDNS has, such as blocking TLDs.
If adblock doesn't satisfy your needs, a workaround is to change the upstream DNS server to NextDNS in
That gives you double DNS filtering.
IP address blocking on OpenWrt
GitHub repo: kravietz/blacklist-scripts
These scripts use iptables with highly efficient ipset module to check incoming traffic against blacklists populated from publicly available sources.
I modified the script to fix an issue and to support HackingGate/Country-IP-Blocks.
View my modification note on GitHub Gist Comment.
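An added example, not code from kravietz/blacklist-scripts or from the modified script: one way to validate a downloaded blocklist and turn it into ipset restore commands that fill a temporary set and swap it in. The set name blocklist and the sample feed are constructed for illustration.

```shell
#!/bin/sh
# Added example; set name and SAMPLE_LIST are constructed for illustration.

# Succeeds only for an IPv4 address or CIDR (/8 to /32) outside 0/8, LAN and loopback.
is_ipv4_net() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    case $addr in
        *[!0-9.]*|*.) return 1 ;;                 # not dotted decimal
        0.*|10.*|127.*|192.168.*) return 1 ;;     # never block 0/8, LAN or loopback
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads a blocklist on stdin, prints commands for `ipset restore`.
# Entries go into a temporary set that is swapped in at the end, so the
# live set is never empty or half-filled while the list is being loaded.
blocklist_to_restore() {
    set_name=$1; tmp_name=$1-tmp
    echo "create $set_name -exist hash:net family inet"
    echo "create $tmp_name -exist hash:net family inet"
    echo "flush $tmp_name"
    sed -e 's/[#;].*//' -e 's/[[:space:]]//g' | sort -u |
    while read -r entry; do
        if is_ipv4_net "$entry"; then echo "add $tmp_name $entry"; fi
    done
    echo "swap $set_name $tmp_name"
    echo "destroy $tmp_name"
}

SAMPLE_LIST='# constructed feed
192.0.2.0/24
198.51.100.7   ; single host
203.0.113.0/24
192.0.2.0/24
0.0.0.0/0
192.168.1.0/24
999.1.1.1
example.com'

printf '%s\n' "$SAMPLE_LIST" | blocklist_to_restore blocklist
```

On the router, the output is piped into ipset restore and the set is referenced from a rule such as iptables -I INPUT -m set --match-set blocklist src -j DROP.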
Home Raspberry Pi Way
DNS blocking on Pi-Hole
More powerful than OpenWrt’s
For homebridge-raspbian-image users, read the Wiki (https://github.com/homebridge/homebridge-raspbian-image/wiki/How-To-Install-Pi-Hole).
Pi-hole doesn't support DoH, so you'll need additional tools, or you can keep using https-dns-proxy (Force Router DNS enabled).
Whether you keep using NextDNS, adblock, or both (that'll be triple DNS filtering) on the OpenWrt router is up to you.
Home VPN so you benefit away from home
Set up a WireGuard server on OpenWrt
Set up a WireGuard server on Raspberry Pi
Go to Pi-hole documentation and follow the guide.
- Should I stop using the ad blocker extension in my web browser?
- Can I use both my home VPN and a third-party VPN service at the same time?
No (because normally a third-party VPN will bypass your home protections). Ask what features are available from your VPN provider, such as custom DNS, custom routes, etc. Or consider setting up a VPN on a VPS.