I wanted to block YouTube and some gaming sites for certain machines on the network. I looked up which ports they use and set a rule in my router.
outbound port 443/TCP (HTTPS): used for authentication with the built-in providers such as YouTube Live, Facebook Live, Ustream, Livestream, and Twitch
outbound port 53/UDP (DNS): used for DNS lookups, converting hostnames to IP addresses.
I swapped the source and destination IPs and inbound and outbound settings, but nothing worked. At one point, some other sites were blocked, but never YT (ironically, sites that I find that kind of info from).
My router is limited to setting this kind of rule:
inbound or outbound
source or destination IP is 0.0.0.0/0 for all IPs or the specific machine IP
port range
143 different types like TCP, UDP and others that are listed by name, or I can use a number that I do not have a lookup table for.
Then I read somewhere that I can't do it that way because Google uses https, or some other magic.
I might consider a router that can block domains or even better, not sure what to look for. Then I may go to manual IP and resort to individual MAC access.
I read about OpenDNS, but that blocks the entire network.
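
Added example, not part of the original post: a small Python model of the rule type described above (direction, source/destination IP, port range, protocol number), showing what such a rule can and cannot tell apart. The `Flow` and `Rule` classes, all addresses and the `.example` hostnames are constructed for illustration and are not taken from any real router.

```python
import ipaddress
import socket
from dataclasses import dataclass

# IANA protocol numbers, the "number" form of a protocol field: TCP = 6, UDP = 17.
TCP, UDP = socket.IPPROTO_TCP, socket.IPPROTO_UDP

@dataclass(frozen=True)
class Flow:
    direction: str  # "outbound" or "inbound"
    src: str
    dst: str
    dport: int
    proto: int
    hostname: str   # the site the user asked for; the rule never sees this

@dataclass(frozen=True)
class Rule:  # hypothetical model of a direction/IP/port/protocol rule
    direction: str
    src: str        # CIDR, 0.0.0.0/0 means any address
    dst: str
    ports: range
    proto: int

    def matches(self, f: Flow) -> bool:
        return (f.direction == self.direction
                and ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst)
                and f.dport in self.ports
                and f.proto == self.proto)

def blocked_hostnames(rule, flows):
    """Hostnames of the flows the rule would drop."""
    return [f.hostname for f in flows if rule.matches(f)]

TARGET_PC, OTHER_PC = "192.168.1.50", "192.168.1.60"  # constructed LAN addresses
FLOWS = [  # constructed sample traffic using documentation address ranges
    Flow("outbound", TARGET_PC, "203.0.113.10", 443, TCP, "video.example"),
    Flow("outbound", TARGET_PC, "198.51.100.7", 443, TCP, "howto.example"),
    Flow("outbound", TARGET_PC, "192.0.2.53", 53, UDP, "dns-lookup"),
    Flow("outbound", OTHER_PC, "203.0.113.10", 443, TCP, "video.example"),
]

# Outbound 443/TCP from one machine: matches every HTTPS site that machine visits.
RULE_443 = Rule("outbound", TARGET_PC + "/32", "0.0.0.0/0", range(443, 444), TCP)
# Same rule with source and destination swapped: no outbound flow has the PC as destination.
RULE_SWAPPED = Rule("outbound", "0.0.0.0/0", TARGET_PC + "/32", range(443, 444), TCP)

if __name__ == "__main__":
    print(blocked_hostnames(RULE_443, FLOWS))
    print(blocked_hostnames(RULE_SWAPPED, FLOWS))
```

The hostname is carried in the model only to label the output; none of the rule's fields can match on it, which is why a port rule of this kind cannot single out one HTTPS site.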