How to block udp ports 1024-65534 in dd-wrt router?

This blog will guide you to block internet udp ports 1024-65534 in your dd-wrt router. This is required for WFilter p2p blocking in pass-by filtering mode.

Click “Add/Edit Service” in “Access Restrictions”



Add a port service with udp ports range 1024-65534

Enable blocking of this new service.

In “Blocked Services”, enable blocking of this new defined service.

Done. Now certain udp ports are blocked.

How to block udp ports 1024-65534 in openwrt router?

This blog will guide you to block internet udp ports 1024-65534 in your openwrt router. This is required for WFilter p2p blocking in pass-by filtering mode.

Click “Add Entry” in “Network”->Firewall”->”Traffic Control”

Define the blocking rule

The destination port shall be “1024-65534″.

Done, now you can check the blocking policy in iptables list.

How to block pps streaming movies in iphone and android?

WFilter can block online streaming traffic in your network, even for mobile devices. In this tutorial we will guide you to block pps streaming in iphone and android with WFilter 4.0.

Create a “block PPS” policy

Apply this policy to certain devices

Check blocking

PPS in android is now unavailable.

PPS in iphone becomes infinite loading.

Blocking events in WFilter.

How to deploy WFilter free with mikrotik routerOS(ROS)?

The “packet streaming” feature in RouterOS can send network packets to a network parser for analysis. In case when you don’t have a manageable switch, you can enable this feature for WFilter to monitor and filter network computers.

In this blog, I will demonstrate you to set up WFilter free for web filtering with RouterOS.

Enable Packet Streaming

In “Tools”->”Packet Sniffer”, choose the lan interface as the sniffer interface.

Set the WFilter server ip as the streaming server

Done, now you shall be able to monitor all network computers in WFilter Free or WFilter Enterprise.

Let’s add a blocking policy to check.

First, add a blocking level.

Block web surfing

Second, apply this blocking policy to target ip range.

Check blocking

Management of multiple deparments in WFilter

You may use WFilter to setup internet access policies for network computers. However, it could be a very complicated mission for IT department to set the policies when you have a lot of departments and users.

In this case, the solution is to setup multiple WFilter operators for departments. Each operator only can set policies for users in certain departments. For example, department manager has the privilege to set internet policies for department staffs.

In this topic, I will guide you to manage multiple operators in WFiler Enteprise 4.0.

1. Add departments

You can add departments in Policy Settings->Department Settings

2. Add operators

Add operators in System Settings->Manage Operators.

The “Supervising Dept.” defines the users whom this operator can see and configure. You also can define the WFilter menu for each operator.

3. Policy Settings

You can define departments’ ip ranges in “Default Ip Policy”. So ip addresses will be added to certain deparment automatically.

4. Operator Features

In “User-computer table”, operator can only see users in its “Supervising Dept.”.

You can schedule standard reports to be sent to the department managers.

Block video websites with WFilter 4.0 version.

Online audio/video streaming can consume most of your bandwidth. To save your bandwidth, you might want to block online steaming traffic on your network.

Online streaming can run on different protocols:

  1. Video websites like youtube. You can watch video directly on the webpages.
  2. Standard Real Time Streaming Protocol(RTSP).
  3. P2P based streaming products, like pplive, ppstream.
  4. Video downloading websites.

Therefore, for complete blocking of online streaming, you need to setup several policies.

1. Block streaming webpages

You can block video webpages by check “Block Online HTTP Video and Downloading of Video Files” in WFilter.

Step1: Enable this blocking option in blocking level settings.

Step2: Apply this policy to computers.

Step3: Check blocked video webpages

Now video webpages are blocked.

2. Block “Streaming Media” website category

WFilter has an url database with most common websites. You can block streaming websites category.

Streaming websites will be blocked.

For more details about WFilter, please check: WFilter Features

How to block “Ammyy Admin” in network?

This tutorial will guide you to block “Ammyy” with “WFilter Enterprise 4.0″.

First, Add “Ammyy” Protocol.

Ammyy has one pattern:
“ammyy_tcp”:
  Type — “TCP SEND”
  Format — “0″
  Content — “^\x25[\x00-\xff]{4}\x2e\xf4\xff\xff”

Second, Enable blocking of Ammyy in certain blocking levels.

And apply this blocking policy to certain computers.

Now, Ammyy will be blocked.

WFilter blocking events:

Failure connection of Ammyy.

Related Links:

http://blog.wfilterngf.com/How+To+Block+TeamViewer+On+My+Network+Using+WFilter.aspx

How to block hotspot shield in network?

Hotspot Shield is a free vpn service for you to access blocked websites. With hotspot shield, you can bypass internet filter on your network.

So, to implement internet access policies in business networks, it is required to block hotspot shield traffic.

This tutorial will guide you to block hotspot shield with WFilter.

Add hotspot shield protocol

Because “hotspot shield” is not a default protocol of WFilter, you need to define it manually in “Customize Protocols”.

As in the above figure, add a new protocol named “HotSpot” in “Customize Protocols”. Three patterns are required:

UDP send pattern 1: “^\x88[\x00-\xff]{8}(\x00){5}$”

UDP send pattern 2: “^\x28[\x00-\xff]{9}(\x00){4}”

TCP send pattern: “\x00\x0e\x88[\x00-\xff]{8}(\x00){5}$”

Enable blocking of “hotspot shield”

Now, by enabling “Block hotspot” in blocking level settings, hotspot will be blocked.


Please notice:

Hotspot can be completely blocked when your WFilter is deployed in “pass-through” mode. However, in “pass-by” mode, for complete blocking of hotspot, you also need to block udp ports 900-65534 in your router or firewall. check: How to block certain UDP ports in router/firewall?

How to manage several WFilter servers from a central location?

When you need to manage several offices internet access, it will be helpful if you can do the management in a central location.

This tutorial will guide you to manage several WFilter servers within a same user interface.

1. Edit WFilter servers

Step1: In WFilter’s dashboard, click “Edit” to define remote servers.

Step2: add servers.

Please notice:

  1. Remote server’s admin password is required.
  2. The remote WFilter server shall be configured as “Allow Remote Access” in “System Settings”->”Remote Access Control”.
  3. If you’re connecting the remote server from internet, you need to forward tcp port 9090 to the WFilter server in the remote network router.
  4. If the remote network don’t have a fixed internet ip address, you also can access the remote server by dynamic domain name.

2. Switch WFilter servers in the dashboard.

Now you can switch WFilter servers in the dashboard. All the data will be retrieved from remote servers. So you can manage different WFilter servers in a central location.