RevRico
RevRico UltimaDork
1/23/22 12:09 a.m.

For reasons, I need to block someone's access to discord. If I do it on the device, it wouldn't be hard to unblock. 

Modem Netgear CM1000v2

Router Archer AX50

The parental controls in the router don't block https, so they don't block discord. The AX50 has an Intel Li something chip, which according to the internet's means Open WRT is off the table. 

It supposedly has a built in firewall, but all the gui gives you is an on off switch, nothing for rules. 

The modem has nothing as far as controls when I login though the web. 

So my thought is hardware or software firewall, block ports 50000-65535 on the devices used, and call it a day. 

Or is there a better tool for this particular job that I'm unaware of? Some sort of DNS changes? Something to make use of my Pi 4 B?

Floating Doc (Forum Supporter)
Floating Doc (Forum Supporter) GRM+ Memberand PowerDork
1/23/22 3:20 a.m.

I'm no help, I was thinking in terms of sheet metal when I read the title of this thread.

mslevin
mslevin GRM+ Memberand New Reader
1/23/22 4:20 a.m.

You should be able to set up Pi Hole on the Raspberry Pi and add any discord sites and servers to the blocklist. 

Purple Frog (Forum Supporter)
Purple Frog (Forum Supporter) GRM+ Memberand HalfDork
1/23/22 12:03 p.m.

Yeah, I was thinking aluminum with bead-roller accents, and insulation mat on the engine side....

GameboyRMH
GameboyRMH GRM+ Memberand MegaDork
1/23/22 12:34 p.m.

Could switching your router to an OpenWRT one, or reconfiguring your current router to act as just a fiber gateway/DSL modem and setting up an OpenWRT device to your new router, be an option?

Keep in mind you may end up raising an uber-hacker rather than blocking Discord access...

RevRico
RevRico UltimaDork
1/23/22 12:52 p.m.

In reply to GameboyRMH :

Not currently. Gigabit capable routers are still rather expensive, and since I pay for gigabit internet, I wanna use it all. 

On the other hand, I would be ecstatic if it got her motivated enough to bother learning how to get around it. IT work pays well, and females employees are in high demand these days. 

In my searching through the night this seems to be a common complaint. The solutions I've seen deployed in corporate settings are beyond my capabilities, while a lot of home solutions don't seem to work. 

I do have an old router that I could conceivably use as an access point specifically for those devices, netgear R6020. Quick search says it's open wrt capable. 

Making that play nice with the tplink archer may be interesting. Plug it into the router or the switch?

Back to the search engines

CLH
CLH GRM+ Memberand Reader
1/23/22 1:26 p.m.

If the discord server(s) in question are relatively static from an IP-address perspective you could black-hole the routes to them, assuming that the router supports custom route tables (may be an advanced feature hidden in a sub-menu). That couldn't be subverted from a host behind the router without accessing the router to change it, unlike DNS-based blocks which could be bypassed with a local hosts file.

WonkoTheSane
WonkoTheSane GRM+ Memberand UltraDork
1/23/22 7:24 p.m.

What type of device are you blocking?  Starting with a simple host file block is a fine way to start a little hacking...

 

Otherwise, can you set up port forwarding on the router?  Send anything on discord's ports to an IP that isn't being used on your network?

 

Setting up an DDWRT as an access point is as easy as setting a static IP for the router, then switching it into AP mode.

andy_b
andy_b New Reader
1/23/22 7:44 p.m.

A pfsense firewall is probably the lowest cost option to get enterprise options with gigabit capabilities, and would definitely give you the ability to block all discord traffic.  $200 for a PCengines APU2 and PFsense community edition, and you will have more capabilities than you could possibly need. In my experience this is a much more capable and stable solution than flashing custom firmware onto a consumer grade unit. 
 

Otherwise a combination of options suggested above: pihole to make it harder to find discord from the inside, and port forwarding to sink traffic from the outside. 
 

Although none of this stops someone if they have access to a cell phones with data.

paddygarcia
paddygarcia GRM+ Memberand Reader
1/23/22 10:20 p.m.

You may be able to do enough with OpenDNS. Point the router at the OpenDNS servers, configured to block the URLs in question.

It won't do everything (especially as noted if there are phones with data plans involved)  but it'll make things difficult and also log where the miscreant youts are visiting. When mine were younger I'd block the worst and then go through the logs once in a while and ask WTF they and their friends were doing, which at least kept it tamped down and a problem for someone else's house (a plus in my case, maybe an unintended consequence for others).

DrBoost
DrBoost MegaDork
1/24/22 8:10 a.m.

I'm currently trying to do the same thing. They sure don't make it easy for parents to do what they need to do. 
i also appreciate the lack of judgment here. A lot of people will say "don't block sites. Try being a parent once in a while."  
 

z31maniac
z31maniac MegaDork
1/24/22 8:27 a.m.
RevRico said:

In reply to GameboyRMH :

Not currently. Gigabit capable routers are still rather expensive, and since I pay for gigabit internet, I wanna use it all. 

 

I don't know anything about the other stuff, but if you already have a DOCSIS 3.1 modem, that will do gigabit and there are plenty of mesh routers more affordable than my AMPLIFI setup that will handle big speeds.  

GameboyRMH
GameboyRMH GRM+ Memberand MegaDork
1/24/22 9:21 a.m.
z31maniac said:
RevRico said:

In reply to GameboyRMH :

Not currently. Gigabit capable routers are still rather expensive, and since I pay for gigabit internet, I wanna use it all. 

 

I don't know anything about the other stuff, but if you already have a DOCSIS 3.1 modem, that will do gigabit and there are plenty of mesh routers more affordable than my AMPLIFI setup that will handle big speeds.  

The last few router models I've used have gigabit LAN and were around $100. The TP-Link Archer C7 was still the best router for use with OpenWRT when I checked last year.

Our Preferred Partners
TecfsjyiMTOEdnTj5Do6KrPrs2iyxo90boyy75EMNdilAXfceuSnFWypeP1bp3ui