One of the most useful tools in the OpenWRT belt is the ability to block domain queries before they can escape to the Internet. In this article, we’re going to set up luci-app-adblock and its associated packages so that you too can lock out thousands of trackers, ad servers, and analytics tools that compromise your security and privacy.
If you encounter any issues or need further assistance, please refer to the OpenWRT Forum or OpenVPN Documentation.
1. Log in to your OpenWRT router’s GUI.
2. Add the luci-app-adblock package using the software installer. Click here to learn how to install software packages.
If you see the Installed button on this screen, then adblock has been successfully installed.
3. Reboot the router in System>Reboot.
4. Log back into the router and go to Services>Adblock.
5. Enable ‘Force Local DNS’ and ‘DNS Report’, then hit ‘Save & Apply’.
6. First, let’s set up our blocklist sources. Using the dropdown, you can pick the blocklists you want to use to filter domains for the blocker. The ones selected now are the defaults.
Note that the more lists you add, the more likely you’ll block something you want to keep, and your favorite website may not load. This may take some trial and error to make sure you block what you want to block.
For this tutorial, I’m going to click on ‘Edit blacklist’, add Amazon to test that the blocker is working, and click Save. Note that by selecting ‘www.’ I’m only blocking the primary domain, not any subdomains, though a few subdomains in the default lists are also blocked.
7. Let’s try it out!
Now that everything is configured, let’s make sure Adblock is working. Since we added www.amazon.com above, visit amazon.com in a web browser. Here is the result:
Uh… wait. That’s not supposed to happen, we’re using Adblock. What the heck?
The problem is that web browsers are able to resolve names with DNS over HTTPS (DoH). Those lookups travel inside ordinary HTTPS traffic to a resolver the browser chooses, so they never reach the router’s DNS, totally bypassing Adblock and allowing sites to still load. Not that DoH is a bad thing; it can be useful when used from your OpenWRT router, but you want to make sure it goes through Adblock first.
There are several ways to tackle this problem. The easiest is — you guessed it — to install another package.
8. Installing luci-app-banIP
banIP has numerous features, some of which overlap with Adblock a little, as it allows you to use predefined lists to block certain domains. For this exercise, we’re going to focus on DNS over HTTPS (DoH).
9. Navigate back to System>Software and filter on luci-app-banip. Click ‘install’ to add the package. Refresh your browser and go to Services>banIP.
10. Enable banIP at the top of the page and then DoH (the fourth item from the top of the settings) for both IPv4 and IPv6 — this will prevent the browser from bypassing the router’s DNS to resolve the sites we want to block. To finish up, click ‘Save & Apply’ at the bottom of the page.
You shouldn’t need to change any other settings here, but you can play with some of the domain filtering options if you’d like. This should ALMOST be enough to get everything running the way you want.
11. Reboot the router one more time.
12. Try Amazon again.
Success! Amazon is blocked from loading. You can also verify this in Services>Adblock.
13. Check DNS Report in Adblock to confirm blocking. Navigate back to Services>Adblock from the main menu.
When you click on the DNS report tab and hit ‘refresh’, you can get a list of the latest DNS requests. As you can see, amazon.com was blocked.
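The browser test in steps 7 and 12 depends on the browser's own DoH setting, so a command-line lookup is a cleaner check of ‘Force Local DNS’. The script below is an added example, not part of the original tutorial: the function names, the router address 192.168.1.1, the public resolver 9.9.9.9 and the sample outputs are assumptions or constructed values.

```shell
#!/bin/sh
# Added example, not from the article. Run from a LAN client's shell so the
# browser's own DoH setting cannot influence the result.

# classify_answer: read nslookup output on stdin and print one verdict:
#   BLOCKED  = NXDOMAIN or a sinkhole answer (0.0.0.0 / ::)
#   RESOLVED = a real address came back
#   UNKNOWN  = neither (timeout, empty output)
classify_answer() {
    awk '
        /NXDOMAIN/ { blocked = 1 }
        /^Name:/   { in_answer = 1; next }
        in_answer && /^Address/ {
            sub(/^Address[^:]*:[ \t]*/, "")   # keep only the address field
            if ($1 == "0.0.0.0" || $1 == "::") blocked = 1
            else resolved = 1
        }
        END {
            if (resolved)     print "RESOLVED"
            else if (blocked) print "BLOCKED"
            else              print "UNKNOWN"
        }'
}

# check_block DOMAIN ROUTER_IP [PUBLIC_RESOLVER]
# Ask the router, then a public resolver on port 53. With Force Local DNS
# enabled the second query is redirected to the router, so both lines
# should read BLOCKED. RESOLVED on the second line means plain DNS escapes.
check_block() {
    domain=$1; router=$2; public=${3:-9.9.9.9}   # 9.9.9.9 is an assumed default
    for server in "$router" "$public"; do
        verdict=$(nslookup "$domain" "$server" 2>&1 | classify_answer)
        printf '%-15s %s -> %s\n' "$server" "$domain" "$verdict"
    done
}

# Constructed sample outputs (BusyBox-style nslookup) for offline checks.
SAMPLE_BLOCKED="Server:		192.168.1.1
Address:	192.168.1.1:53

** server can't find www.amazon.com: NXDOMAIN"
SAMPLE_RESOLVED="Server:		192.168.1.1
Address:	192.168.1.1:53

Non-authoritative answer:
Name:	www.example.org
Address: 192.0.2.10"
```

Source the file and run `check_block www.amazon.com 192.168.1.1`. This covers plain DNS on port 53 only; DoH is handled by the banIP setting from step 10.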
Now that Adblock is set up, you can navigate the Internet with less spam and fewer trackers and other privacy-busting garbage than ever before.