How To Manage Access Restrictions & Site Blocking in DD-WRT

Best DD-WRT Router of 2015 - Asus RT-AC87U

Asus RT-AC87U FlashRouter – Best Router for Managing Access Policies

Managing DD-WRT Access Restrictions

Access Restrictions can be configured to control what Internet content is available to the users on the LAN (Local Area Network). This may be beneficial for many reasons, including Office Control (limiting personal use during office hours) and Parental Control (restricting what websites can be accessed during and after school hours).

FAQ: What are the Benefits of using Access Controls with a Router?

Besides standard Office Control and Parental Control, there are many benefits to using a DD-WRT router with access restrictions capabilities. Here are some frequently asked questions concerning access controls and DD-WRT.

Can I have faster Internet with DD-WRT access controls?

While Internet speeds rely on many factors, primarily the modem connection to the ISP, you can still prioritize the speed of your connection by blocking sites and services that can cause a massive delay for your Internet speed with DD-WRT network performance management. Are your teenagers clogging up your Internet with late night rounds of Halo on their Xbox? Simply use DD-WRT access controls to block the MAC address of the Xbox, and your connection should be much faster.

Can I block Torrent use with a DD-WRT router?

Torrenting can really eat up active bandwidth therefore inhibiting speeds of your home network, as well as possibly get you in trouble with your ISP for illegally downloading copyrighted content. Using keywords like “torrent” or “p2p” within access restrictions can help block torrent sites on your network, which will take the load of these torrents off of your connection as well as make your network a safer place.

How can I setup a Parental Control access policy?

Setting up Parental Control access restrictions is the same as setting any other kind of access restrictions. Simply enter in keywords for gaming, adult content, or services you would not like your children to use, and the sites and services will be blocked. You can even set the router to only access select sites, so if you would like your children to be limited to specific educational sites, you can do so using the same settings.

The Untangle Alternative

While managing access restrictions and policies is one of the many features included with DD-WRT firmware, it’s functionality is not something that FlashRouters can guarantee as there increasing complexity with websites and services in regards to their URLs and capability of avoiding blocking. For these reasons, our support team does not directly support implementation of feature.

As an alternative to a FlashRouter with DD-WRT firmware, we offer the Untangle Linksys WRT1900ACS FlashRouter. With this custom smart router, the NG Layer 7 Firewall is finally available on an out-of-the-box open-source flashed consumer appliance.

If acccess restriction and bandwidth limitation are the main focus of your implementation, the Untangle NG Firewall Router offers app-level customization with a single pane view like those of high-end enterprise firewall products. This makes it ideal for:

  • Logging traffic
  • Access restrictions
  • Creating rules for managing access to websites, applications, and content based on criteria like device, user, geo-location, time of day, day of week and more.

There are many other features as well depending on which plan (free or paid) that you sign up for with Untangle. To see more about this powerful network monitoring appliance option, check out Untangle Router Features.

How To Setup Access Policies in a DD-WRT Router

Here is a helpful DD-WRT Access Restrictions setup guide that will allow you to easily setup these restrictions on your router.

Logging into the DD-WRT Access Restrictions Setup

  1. Open your web browser and in the URL bar type 192.168.1.1
  2. Enter the username and password (root/admin)
  3. On the top menu bar, locate the Access Restrictions page

DD-WRT Access Restrictions Setup

Managing Router/Internet Access Policies, Website

On the DD-WRT Access Restrictions Setup page, you will see the following fields presented from top-down:

  • Access Policy
  • Day
  • Time
  • Block Services
  • Website Blocking by URL Address
  • Website Blocking by Keyword

DD-WRT allows up to 10 individual Access Policies to be configured. This is useful in a situation where you have different users that have different levels of access or want to create a variety of timetable for Internet access for different users.

Note: There is a wide range of Access Policies that could be implemented. The policies implemented here are for example only, and it is recommended that only Advanced Users should attempt the configuration. If Internet connectivity is lost or some websites appear to be blocked, it may be a result of incorrect configuration, and all the Access Policies should be disabled as a first step.

Example: Office Deployment

In our example, the DD-WRT router is installed in an office to give office workers access to the Internet. The company IT policy does not allow the personal use of the Internet during business hours. However, as a courtesy before and after business hours, office workers can use their office PC for Internet banking and reading the news.

Policy (1) Work:

To do this there is a website restriction policy in place that blocks access to websites requiring log-in screens such as e-mail, blocking of file sharing websites and others that may distract works such as auction sites and personal e-mail. A timetable will be configured to restrict access from 9 am to 5 pm outside of these hours there is full access to the internet.

Policy (2) Weekend:

As the office is unattended on weekends, there is a second policy that denies all Internet access on Saturday and Sunday.

Access Restriction Policy & Setup on DD-WRT

Access Policy Work in DD-WRT Access Restrictions Setup

First we sill start with setting up Policy (1) Work.

1. Create Access Policy Main Details.

  • Policy: Select the policy number to create or edit. For Work Policy select (1).
  • Status: Enable or disable the policy. For Work Policy select Enable.
  • Policy Name: Can be any value, in this case, it is called “Work.”
  • PCs / Edit List of Clients: Edit the list of LAN PCs or network devices which will be subject to the access policy. This is covered in the next section.
  • Deny /Filter: Deny will block all access during the specified timetable. Filter will apply the access policy in the later fields “Blocked Services”, “Website Blocking by URL Address” and “Website Blocking by Keyword”. For Work Policy select “Filter”.
  • Days and Time: Select the days and time when the policy will be active. For the (1) Work policy example, configure the days Monday – Friday and 9:00 – 17:00 as the time when these policies will be active.

2. Edit List of Clients

Access Policy IP Address in DD-WRT Access Restrictions Setup

Select Edit List of Clients in the access policy field. The above dialog will appear. Here there are several options to determine which LAN PCs and devices will be subject to the access restrictions.

  • Enter MAC Address of the Clients: The client or connected devices can be specified by its MAC or Hardware address. This is useful for system using WiFi or DHCP as the client may have a new IP address each time they connect to the network. For information on finding the MAC address, see xxxxx.
  • Enter the IP Address of the Clients: if the PCs always use the same IP address (static IP) the addresses can be entered here.
  • Enter the IP Range of the Clients: if there is a IP address pool used for the clients that will be subject to the access restrictions, enter it here.
  • Back to the Work access policy, we will enter 192.168.1.100 ~ 192.168.1.200 in the IP range, which is the address range of the office worker PC.
  • Then press Save and then Apply Settings.

Your DD-WRT router Work Policy is now complete.

3. Creating the Weekend Policy

Access Policy Weekends in DD-WRT Access Restrictions Setup

Policy (2) is the for the weekends. Here entry (2) is selected from the drop down box, “Weekends” is used as the name and PCs is set to Deny.

The Day and Time fields are then completed, Sat & Sun for the weekend and 24 hours for the time.

Then press Save and then Apply Settings.

4. Creating Time Limits with DD-WRT

Access Policy Timetable in DD-WRT Access Restrictions Setup

Back to the Access Policy field, press the Timetable button and a dialog appears showing the access policy in the hours that have been configured.

5. Select Services To Block

Blocked Services in DD-WRT Access Restrictions Setup

Return to the Access Policy field and select (1) Work. The Access Policy for services and websites will now be configured.

To do this scroll down to the Block Services field and check Catch All P2P Protocols. This blocks all file sharing applications such a torrents in this access policy.

For Advanced Users: Next a new service will be added to block login pages to websites such as email. To do this press Add/Edit Service.

Blocked Services Ports in DD-WRT Access Restrictions Setup

All websites that have login pages use HTTPS and TCP port 443. To restrict access to these name the service HTTPS, select TCP for protocol and the Port range 443~443.

Press Add to add the service, then Save followed by Apply Settings.

Close the dialog and check the Blocked Services field.

Blocked Services in DD-WRT Access Restrictions Setup

The DD-WRT router is now configured to block all P2P Protocols and HTTPS. In the (1) Work Example access to websites requiring log in and P2P protocols such as file sharing are now blocked in this configuration.

Best DD-WRT Routers for Access Restrictions

FlashRouters

The FlashRouters Support Routers Advantage

FlashRouters offers many routers with DD-WRT firmware installed. If you are using a router flashed with DD-WRT, you open the door to using your router as a VPN connection, a repeater for a 3G/4G MiFi HotSpot, a central DNSMasq hub, and much more.

Router of the Day - The Netgear Nighthawk X4S R7800 DD-WRT FlashRouter

The Netgear Nighthawk X4S R7800 DD-WRT FlashRouter

From the powerful mid-range Asus RT-AC56U to the extremely powerful Netgear Nighthawk R7800, complete with a 1.7 GHz processor and 4 external antennae, our premium DD-WRT routers offer advanced functionality right out-of-the-box to save you time, and allow you to take control of your network. Want to see a highlighted selection of the best DD-WRT installed routers? Take a look at our best latest bestselling DD-WRT routers list.

More Policy Access in a DD-WRT Router

2017 Editor’s Note:  Due to the many variances in website URLs for mobile, streaming devices, computers etc, it is not recommended you use this method for larger websites like Amazon, Netflix, Google etc with many alternatives and workaround options.

The following info for Website Block by URL and Keyword is for informational purposes but  may not function effectively as the measures above. To see more about this powerful network monitoring appliance option, check out Untangle Router Features.

1. Website Blocking by URL Address

Website by URL in DD-WRT Access Restrictions Setup

This field is used to define individual websites that should be blocked in the access policy.

In (1) Work example websites that would be frequently accessed for personal use can be added, here there is eBay, Amazon and YouTube.

The DD-WRT router can be configured to block any websites as per the network requirements or IT policy.

2. Website Blocking By Keyword

Website by Keyword in DD-WRT Access Restrictions Setup

This field is used to define keywords that would appear in the webpage description field. The keywords can be configured according to network requirements or IP policy.

In (1) Work example websites that would be frequently accessed for personal use can be added, here there is Ebay, Amazon and Youtube.

The last step to press Save and Apply at the bottom of the page. This will save the Access Policy settings for the access policy select in the Access Policy field at the top of the page.

Note: There are a wide range of Access Policies that could be implemented. The policies implemented here are for example only, and it is recommended that only Advanced Users should attempt the configuration. If internet connectivity is lost or some websites appear to be blocked, it may be a result of incorrect configuration, and all the Access Policies should be disabled as a first step.

7 thoughts on “How To Manage Access Restrictions & Site Blocking in DD-WRT

  1. Paul Chapman

    Thanks for this, it’s a good guide. What about if you want to restrict access by user? The closest I’ve come to finding that is NoCatSplash. i.e. I’m looking to set up this – when a child uses a browser they have to put a username in. Based on that user name they get certain websites. iptables/ipchains doesn’t know about users.

    Reply
  2. MikeP

    Did you know that the access restrictions function is broken in most DD-WRT firmware versions? The setup feels very comprehensive but they’re just a placebo – the restrictions are not actually applied.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *