AsusWRT much needed feature [Privacy - Security]

[dragonmoony]

Hi guys, as you may know, with the release of Windows 10 and some other recent events, more people are paying attention to privacy and security.
Right now, if you are an average joe, you have no idea how to block IPs in your router. The only way is learning what the hell SSH is, then learning scripts to then block IPs one by one using iptables.

I think it will benefit all if we can get a simple text input somewhere on the firewall page of AsusWRT, where users can copy paste a list of IPs (one IP per line) and have them all be blocked. Like the list of IPs you can find on the net that Windows 10 uses to send microphone data, webcam data, keystrokes and more to microsoft and other servers.

Even better would be an optional feature where you input a link to a txt file on the internet, which contains a list of IPs (again, one IP per line) that get imported and blocked. This way, people can share IP lists and they can use the same list among all their routers.

 

[martinr]

As your title refers to AsusWRT, I wonder if your topic would get better exposure on that forum rather than on Merlin's, whose oft-stated objective is stability above all else rather than added features?

It strikes me you're also in the realm of "ad blocking", which I think should really be called malicious-domain blocking so that it, firstly, doesn't tar all ads with the same brush, secondly, widens the field to what we really want to block: all domains that are malicious. I can see that with the examples given, you may well get asked where do you draw the line? And unless you are attaching some form of storage via USB (memory stick or malicious-domain-blocking DNS server) I could see the router's storage (jffs partition) rapidly filling with tens of thousands of malicious domains, which need to be regularly updated (additions and removals), and Merlin warns against constant writes to this area.

Don't misunderstand me, I agree with you wholeheartedly, I'm just saying I'm not sure - to use the latest bit of management gobbledegook - your proposal will get much "traction" in its current form. The intention is spot on, so just include those IP addresses in one's "ad blocking" list?

 

[dragonmoony]

As your title refers to AsusWRT, I wonder if your topic would get better exposure on that forum rather than on Merlin's, whose oft-stated objective is stability above all else rather than added features?

It strikes me you're also in the realm of "ad blocking", which I think should really be called malicious-domain blocking so that it, firstly, doesn't tar all ads with the same brush, secondly, widens the field to what we really want to block: all domains that are malicious. I can see that with the examples given, you may well get asked where do you draw the line? And unless you are attaching some form of storage via USB (memory stick or malicious-domain-blocking DNS server) I could see the router's storage (jffs partition) rapidly filling with tens of thousands of malicious domains, which need to be regularly updated (additions and removals), and Merlin warns against constant writes to this area.

Don't misunderstand me, I agree with you wholeheartedly, I'm just saying I'm not sure - to use the latest bit of management gobbledegook - your proposal will get much "traction" in its current form. The intention is spot on, so just include those IP addresses in one's "ad blocking" list?

Ad blocking is not really my concern, I want to block a list of servers that are known for collecting user data that windows sends out automatically. Be it telemetry, keystrokes, audio or videos. This kind of data is sent in the background, without the users' knowledge to several servers.

I would take your suggestion and post this on the AsusWRT forum as well but it seems AsusWRT doesn't have a dedicated forum. (plus, I don't think Asus will ever want to piss off their biggest client: Microsoft)

If you are wondering, here is the list of the servers I mean to block.
http://pastebin.com/bp7wruLc

[edit: yes an option would be to read from a txt file on a usb stick for if the list gets too big.]

 

[dragonmoony]

May I add, that this is not entirely a whole new feature to add, since all the functionality is there (IP tables). So it's just that it needs a GUI (text field on the web page) to interface with the built-in functionality so that everyone can use it.

 

[Threska49]

Some have suggested blocking with the HOSTS file.