DNS-based firewall with IP sets (Domain name blocking)

I am working on this tutorial here

I have followed the instructions so far.

Question.

Am I required to put the domain name, IP address and port number?

Or can I add a domain name only?

```sh
# Configure domains to filter
uci add_list dhcp.@dnsmasq[0].server="/example.com/127.0.0.1#53001"
uci add_list dhcp.@dnsmasq[0].server="/example.net/127.0.0.1#53001"
uci commit dhcp
/etc/init.d/dnsmasq restart
```

Thank you.

You can change or add domain names, but the IP and port should be preserved as-is to forward DNS requests to ipset-dns for each domain that you want to block.

1 Like

Can you ELI5?

For example, you want to block access to this forum:

```sh
uci add_list dhcp.@dnsmasq[0].server="/forum.openwrt.org/127.0.0.1#53001"
uci commit dhcp
/etc/init.d/dnsmasq restart
```

You can also use the web interface to manage domains:
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/dns_ipset#web_interface

1 Like
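An added example, not part of the thread or the OpenWrt tutorial: a small shell helper that turns a list of bare domain names into the `uci` commands shown above, keeping the `127.0.0.1#53001` forwarder fixed and rejecting lines that already contain an IP or port. The function names (`valid_domain`, `server_entry`, `gen_uci_commands`) are hypothetical, and it assumes ipset-dns listens on `127.0.0.1#53001` as in the quoted commands.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: ipset-dns listens on
# 127.0.0.1 port 53001, as in the tutorial commands quoted in the question.
FORWARDER="127.0.0.1#53001"

# Accept only a bare hostname: letters, digits, '-' and '.', no empty labels.
valid_domain() {
    case "$1" in
        ""|.*|*.|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print the dnsmasq "server" value for one domain; the forwarder part is fixed.
server_entry() {
    valid_domain "$1" || return 1
    printf '/%s/%s\n' "$1" "$FORWARDER"
}

# Read domains on stdin (one per line, '#' starts a comment) and print the
# uci commands for review. Rejected lines are reported on stderr.
gen_uci_commands() {
    seen=" "
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        d=$(printf '%s\n' "$line" | sed 's/#.*//; s/[[:space:]]//g' | tr 'A-Z' 'a-z')
        [ -n "$d" ] || continue
        case "$seen" in *" $d "*) continue ;; esac   # skip duplicates
        if entry=$(server_entry "$d"); then
            printf 'uci add_list dhcp.@dnsmasq[0].server="%s"\n' "$entry"
            seen="$seen$d "
            count=$((count + 1))
        else
            printf 'rejected (domain name only, no IP or port): %s\n' "$line" >&2
        fi
    done
    if [ "$count" -gt 0 ]; then
        printf 'uci commit dhcp\n/etc/init.d/dnsmasq restart\n'
    fi
    return 0
}

# Constructed sample list; the last line is rejected because it is a full entry.
gen_uci_commands <<'EOF'
example.com
Example.NET   # case is normalized
example.com
/example.org/127.0.0.1#53001
EOF
```

The script only prints the commands, so the list can be reviewed before anything is pasted into the router's shell.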
