You are reading content from Scuttlebutt
@luandro %5WJlg+7zpW9dve4xqvmxiV8Pa3XVA0CpwjzEIR5FMq4=.sha256

traffic_shapping.png

We need a way to program Internet blocking on a network, and we've been doing this using PiHole with a few scripts to schedule the DNS blocks. Problem is, DNS blocking is really easy to circumvent, so we need something deeper down, which could block even VPNs. But we also need a way to have certain MAC addresses bypass the block.

Questions:

  • Is this even possible? Nations have trouble blocking VPNs, although airports seem to do it pretty well
  • Is iptables the best way to achieve this? Or should we use router configs to do it?
  • Can we route all router traffic through the Pi so we can set rules there?

The communities use DLink DIR-819 routers, which give us access to a basic shell and have lots of configuration options. We have to figure something out for this specific router.

@mix.exe %+cF2479dpYBpEqf+Is1yWOk+8ksY6YQSDp0i9CLaLsY=.sha256

How about instead of a block list, you just block everything and have an allow-list for those MAC addresses?

@Luandro Pàtwy perhaps if you gave a little more context about why you're trying to do blocking it would give us some more ideas? (Oh, I just noticed there's an image I don't have yet that might be carrying context.)

If people are running scuttlebutt clients you could have them replicating applications to have access to the internet locally to admins, and on approval, those peers' MAC addresses get put into the iptable? (random bad ideas!)
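
The block-everything-plus-allow-list idea from the thread, sketched as an added example (not code from either poster): a script that prints, rather than runs, the iptables commands for a default-deny chain with a MAC allow-list and an on/off switch a scheduler can call. It assumes the router's iptables has the `mac` match, that the LAN interface is `br0`, and uses a hypothetical chain name `SCHED_BLOCK`; the MAC addresses are constructed.

```shell
#!/bin/sh
# Added example: prints iptables commands; review them, then run as root.
# Assumptions: LAN interface br0, chain name SCHED_BLOCK (both hypothetical).
LAN_IF="${LAN_IF:-br0}"
CHAIN="${CHAIN:-SCHED_BLOCK}"

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# build_chain MAC...: emit commands that create (or flush) the chain and fill it.
# Allow-listed MACs RETURN to the normal FORWARD rules; every other forwarded
# packet is dropped regardless of port or protocol, so the block does not
# depend on which DNS server a client uses.
build_chain() {
    # Validate everything first so a bad entry never yields a partial ruleset.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for mac in "$@"; do
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        echo "iptables -A $CHAIN -m mac --mac-source $mac -j RETURN"
    done
    echo "iptables -A $CHAIN -j DROP"
}

# block_on / block_off: what a cron job would run at the start and end of a
# block window. Only LAN-originated traffic (-i $LAN_IF) enters the chain.
block_on() {
    echo "iptables -D FORWARD -i $LAN_IF -j $CHAIN 2>/dev/null; iptables -I FORWARD 1 -i $LAN_IF -j $CHAIN"
}
block_off() {
    echo "iptables -D FORWARD -i $LAN_IF -j $CHAIN"
}

# Constructed sample allow-list (locally administered addresses, not real devices).
build_chain "02:00:00:aa:bb:01" "02:00:00:AA:BB:02"
block_on
```

The `mac` match only sees the source address of devices on the directly attached LAN segment, and that address is reported by the device itself, so the allow-list is a convenience control rather than authentication.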
