Get a real router and drop those ip ranges. Problem solved.
What router are you running? I'm running a Mikrotik right now, and for under $100 the features it gives me are insane.
Mikrotik here as well. The feature set is superb and isn't locked behind obnoxious paywalls like most routers (oh, you want to run BGP or OSPF? That requires a $5000 commercial router). Sure, you may only have $100 worth of hardware so your physical capacity is limited, but you can use every software feature you want even with their cheap routers. If I want to isolate my guest wifi from my LAN, I can easily do it. If I want to setup routing to another router on my home network (I used to do this for reasons), I can do it. If I want to log every botnet trying to bruteforce my network to build a custom blacklist, I can do it. If I want to watch connections on the wire to figure out why blocking 45.0.0.0/8 breaks Netflix title enumeration (a freaking Chinese IP range I'd normally block), I can easily do it. If I want to watch every connection some smart tv's ad-spam connects to, I can do it...and no more ads. If I want to setup a VPN back to my house, easy-peasy.
Good look doing that with most residential routers even at triple the price. Either they wont have the feature at all, or it'll be so cumbersome that it's nigh unusable.
Mind sharing which model you use, their collection is immense
Mikrotik is some great stuff, you're right. The $99 I spent on a unit a few years back was a great investment. They even provide a basic setup now, mine had to be programmed from the ground up.
I'm glad they added the basic setup. It's much more fun to start by fiddling with "fun stuff" like custom firewall rules rather than "Ok, the last time I setup a DHCP client so I can plug into my modem was five years ago, how the heck did I do this last time..."
If you don't feel like changing your router (assuming they don't break DNS lookups,) you can use a Pi-Hole and block that stuff systemwide.
(post is archived)