About AdGuard Home running on an OpenWrt system with the nftables firewall

I wonder whether AdGuard Home (AGH) is incompatible with nftables, because AGH's DNS Rewrite often does not work for me.

I didn't know AGH did any firewall rewrites at all; what makes you think it does, or should?

I use AGH's DNS Rewrite to block iDevice system updates.

That has nothing to do with the firewall; that's DNS. Use instead of, it's quicker.

You probably need to implement https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns too.

This was the setting when my OpenWrt was still using iptables. When using iptables, DNS Rewrite could also rewrite successfully.

Which one is this?

Which DNS rewrite?

What I mean is, the DNS Rewrite rule in the screenshot above is from when I was still using iptables.

By the way, at that time the OpenWrt firewall had the following custom rule added.

Then use the config provided in the link.
The rule above will not be enough anyway if you haven't reconfigured the clients.
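For an nftables (fw4) OpenWrt system, the config "provided in the link" does not need a /etc/firewall.user rule at all: the Intercept-DNS entry on that wiki page is plain UCI in /etc/config/firewall, which both fw3 and fw4 render into their own rules. The script below is an added example written for this thread; it is not code from the thread, from OpenWrt or from AdGuard Home. It prints the UCI commands for that redirect and includes a small check that looks for the resulting dport-53 DNAT rule in saved `nft list ruleset` output. It assumes AGH runs on the router itself and listens on the port given in `AGH_PORT` (default 53); the sample rulesets are constructed to resemble fw4 output and were not captured from a real device.

```shell
#!/bin/sh
# Added example for this thread; not code from the thread, OpenWrt or AdGuard Home.
# Reproduces the "Intercept-DNS" redirect from
# https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns
# as UCI. /etc/config/firewall is consumed by both fw3 (iptables) and
# fw4 (nftables), so no /etc/firewall.user rule or hand-written nft rule is needed.
# Assumption (not stated in the thread): AGH listens on the router on AGH_PORT.

AGH_PORT="${AGH_PORT:-53}"

# Print the UCI commands that install the redirect. On the router you would
# run: intercept_dns_uci 53 | sh
# dest_port only matters when AGH does not listen on 53; if it is wrong,
# every client query is redirected to a port nothing listens on and name
# resolution fails, which looks like "no WAN access".
intercept_dns_uci() {
    port="${1:-$AGH_PORT}"
    cat <<EOF
uci -q delete firewall.dns_int
uci set firewall.dns_int="redirect"
uci set firewall.dns_int.name="Intercept-DNS"
uci set firewall.dns_int.family="any"
uci set firewall.dns_int.proto="tcp udp"
uci set firewall.dns_int.src="lan"
uci set firewall.dns_int.src_dport="53"
uci set firewall.dns_int.dest_port="$port"
uci set firewall.dns_int.target="DNAT"
uci commit firewall
service firewall restart
EOF
}

# Check saved `nft list ruleset` text (passed as one string) for a NAT rule on
# dport 53. Returns 0 when such a rule is present, 1 otherwise.
# On the router: has_dns_redirect "$(nft list ruleset)" && echo "intercept active"
has_dns_redirect() {
    printf '%s\n' "$1" | grep -Eq 'dport 53 .*(dnat|redirect)'
}

# Constructed sample shaped like fw4 output with the redirect installed
# (illustration only; not captured from a real router).
RULESET_WITH_REDIRECT='table inet fw4 {
  chain dstnat_lan {
    meta nfproto ipv4 tcp dport 53 counter dnat ip to 192.168.1.1:53 comment "!fw4: Intercept-DNS"
    meta nfproto ipv4 udp dport 53 counter dnat ip to 192.168.1.1:53 comment "!fw4: Intercept-DNS"
  }
}'

# Constructed sample with no DNS redirect at all.
RULESET_WITHOUT_REDIRECT='table inet fw4 {
  chain dstnat_lan {
  }
}'
```

The redirect only catches clients that still send plain DNS on port 53; a device using DNS over HTTPS or DNS over TLS never hits it, and a client with a hard-coded resolver is caught but answered by the router instead of the address it asked for, which is the point of the rule. If enabling Intercept-DNS breaks name resolution, the first thing worth checking is that `dest_port` matches the port AGH is actually bound to on the router.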

That is iptables. My current OpenWrt has been switched to nftables, so there is no custom rule to fill in.

Really? I don't see a single iptables command in there.

So, I don't know what to do.

Start by rereading your own thread, take in the information provided, and make sure you actually understand it.

Consider renaming it too, your issue has nothing to do with AGH.

Or, if you're really lazy, just search for "nftables udp 53", but again, it won't solve your problem.

I think your misconception is because you misunderstand the quote you posted.

It might; OP posted from this step:

2.3 /etc/firewall.user
Prevent DNS leaks and force all connected devices to use the new DNS port:

The conclusion would then be: if he'd kept reading the original thread, the solution would have appeared?

But AFAIK Apple devices don't use clear-text DNS any more, making the rule obsolete.

If I set "Intercept-DNS" according to the OpenWrt wiki, my device will not work.

Which one of them?

The DNS failing for your clients doesn't have to be a bad thing. It could mean your DNS block is working, but your AGH running on the OpenWrt device might be having issues.

I can't access WAN.

If "Intercept-DNS" is disabled, I can access WAN normally.

You didn't read my last reply, did you?

