To block the Boox China network (or any specific network, such as those associat

1. To block the Boox China network (or any specific network, such as those associated with Boox devices from China) from accessing the internet on your OpenWrt router, you’ll need to create firewall rules to drop traffic from the relevant IP ranges. Since "Boox China network" isn’t a standard term with a universally defined IP range, I’ll assume you mean traffic originating from Onyx Boox (a Chinese company) servers or related Chinese IP ranges. If you have specific IP addresses or ranges in mind, you can adjust the steps accordingly.
2. Here’s how you can set this up using OpenWrt’s LuCI web interface or the command line:
3. Option 1: Using LuCI Web Interface
4. Log in to LuCI:
5. Open your browser and go to your router’s IP address (e.g., 192.168.1.1).
6. Log in with your credentials.
7. Navigate to Firewall:
8. Go to Network > Firewall > Traffic Rules.
9. Add a New Rule:
10. Scroll to the "New forward rule" section, give it a name like block_boox_china, and click Add.
11. Configure the Rule:
12. Source Zone: Select lan (assuming the devices are on your local network).
13. Source Address: Leave it as "Any" unless you’re targeting a specific device on your LAN.
14. Destination Zone: Select wan (to block internet access).
15. Destination Address: Specify the IP range for the Boox China network. For example:
16. If you know specific Boox servers (e.g., 203.195.128.0/24), enter that.
17. For a broader block of Chinese IP ranges, you might use something like 42.56.0.0/16 (a known Chinese range, adjust based on your needs).
18. Action: Select Drop (silently discards packets) or Reject (sends a rejection response).
19. Protocol: Select Any unless you want to block specific protocols (e.g., TCP/UDP).
20. Save and Apply:
21. Click Save and then Save & Apply to activate the rule.
22. Option 2: Using the Command Line
23. If you prefer more control or need to block multiple ranges, use SSH to configure the firewall:
24. SSH into Your Router:
25. Connect via a terminal (e.g., ssh root@192.168.1.1).
26. Edit the Firewall Configuration:
27. Open the firewall config file:
28. vi /etc/config/firewall
29. Add a new rule at the bottom:
30. config rule
31. option name 'block_boox_china'
32. option src 'lan'
33. option dest 'wan'
34. option dest_ip '203.195.128.0/24'
35. option target 'DROP'
36. option enabled '1'
37. Replace 203.195.128.0/24 with the actual IP range you want to block. Add more config rule blocks for additional ranges.
38. Apply Changes:
39. Save the file (:wq in vi) and restart the firewall:
40. /etc/init.d/firewall restart
41. Finding Boox China IP Ranges
42. Since Boox devices likely connect to Onyx servers in China, you’ll need to identify their IP ranges:
43. Check logs on your router (Network > Diagnostics or logread via SSH) to see what IPs your Boox device contacts.
44. Alternatively, block larger Chinese IP ranges (e.g., from APNIC’s allocation list), but this might over-block unrelated services. For example:
45. 42.0.0.0/8 (China Telecom)
46. 116.196.0.0/16 (China Mobile)
47. Use caution, as this could affect other devices or services.
48. Notes
49. Specificity: If you only want to block Boox updates or telemetry, you’ll need the exact server IPs, which might require monitoring traffic (e.g., with tcpdump or a packet sniffer).
50. IPSet for Large Lists: For many IP ranges, consider using ipset (install via opkg install ipset) to manage them efficiently:
51. ipset create boox_block hash:net
52. ipset add boox_block 203.195.128.0/24
53. iptables -A FORWARD -m set --match-set boox_block dst -j DROP
54. Testing: After applying the rule, test internet access from your Boox device to confirm it’s blocked.
55. If you have a specific IP range or more details about what "Boox China network" means to you, let me know, and I can refine the instructions!