There is probably a better way to do this, but I've gotten tired of my son screwing around on the net and not doing his homework, so I've decided to block a few sites at the router. His system uses DHCP addressing, so he picks up the DNS server info from OpenWRT, which till now just passed along those requests to the configured ISP DNS servers. My other systems are on static, and have these DNS entries listed manually.
So, it seemed to be an easy process to insert a few entries into the /etc/hosts file on the router.
Using the web interface, under the Network/Hosts menu, you can easily add new entries. Failing that, editing /etc/hosts by hand isn't that big a deal. The trick, of course, is what to redirect things to.
It would be easy enough to pick a 'safe' site to redirect requests to, a homework help site, the school's web site, etc. All you'd need is their IP address and then just list out the sites you want to point there. In my case, since I am already running a web server here, it seemed easy enough to just add a new VirtualHost under Apache.
Since obviously I wasn't going to purchase a new domain for this, the easiest thing to set up unique traffic seemed to be to add a second IP address on the Mac's ethernet port. In System Preferences, click Network, add a new service (the + symbol if you're running Leopard), select the Ethernet interface, and just call it Ethernet 2. Set a new static IP, save it, and you're done.
Next, in the Apache config files(/etc/apache2/extra/httpd-vhosts.conf for 10.5), set up a new virtual host using that IP address, and port 80. Then just set up where the documents for this web site are located, separate log files if you wish, then grant access for web visitors to actually reach this content. Example follows:
CustomLog "/Users/wright/Documents/apache2/homework_access_log" combined
Options Indexes FollowSymLinks MultiViews
Allow from all
ErrorDocument 404 /index.html
The ErrorDocument statement above will take any page that isn't found (which almost all page requests will be) and redirects this to the main page served. All that I'm using for this is a simple HTML document that displays the text 'Site Unavailable, go do your homework." Obviously you can be as fancy as you want with that.
Over on the OpenWRT side, enter the domains you wish to route to this fake web page. My etc/hosts file looks like the following:
127.0.0.1 localhost OpenWrt
192.168.1.9 youtube.com www.youtube.com
Specifically adding the www.* domain is important, otherwise those requests will hit the actual site.