DNS-based firewall with IP sets (Domain name blocking)

I am working on this tutorial here

I have followed the instructions so far.


Am I required to put the domain name, IP address and port number?

Or can add a domain name only?

# Configure domains to filter
uci add_list dhcp.@dnsmasq[0].server="/example.com/"
uci add_list dhcp.@dnsmasq[0].server="/example.net/"
uci commit dhcp
/etc/init.d/dnsmasq restart

Thank you.

You can change or add domain names, but the IP and port should be preserved as-is to forward DNS requests to ipset-dns for each domain that you want to block.

1 Like

Can you ELI5?

For example, you want to block access to this forum:

uci add_list dhcp.@dnsmasq[0].server="/forum.openwrt.org/"
uci commit dhcp
/etc/init.d/dnsmasq restart

You can also use web interface to manage domains:

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.