On the page https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns#dns_over_https
In the following code, IPv4 and IPv6 are defined separately but the rule is exactly the same for both protocols.
Can someone check this and then combine the rules? It is confusing. If I have missed something, then you should at least call one Deny-DoH6.
# Filter DoH traffic
uci -q delete firewall.doh_fwd
uci set firewall.doh_fwd="rule"
uci set firewall.doh_fwd.name="Deny-DoH"
uci set firewall.doh_fwd.src="lan"
uci set firewall.doh_fwd.dest="wan"
uci set firewall.doh_fwd.dest_port="443"
uci set firewall.doh_fwd.proto="tcp udp"
uci set firewall.doh_fwd.family="ipv4"
uci set firewall.doh_fwd.ipset="doh dest"
uci set firewall.doh_fwd.target="REJECT"
uci -q delete firewall.doh6_fwd
uci set firewall.doh6_fwd="rule"
uci set firewall.doh6_fwd.name="Deny-DoH"
uci set firewall.doh6_fwd.src="lan"
uci set firewall.doh6_fwd.dest="wan"
uci set firewall.doh6_fwd.dest_port="443"
uci set firewall.doh6_fwd.proto="tcp udp"
uci set firewall.doh6_fwd.family="ipv6"
uci set firewall.doh6_fwd.ipset="doh6 dest"
uci set firewall.doh6_fwd.target="REJECT"
uci commit firewall
/etc/init.d/firewall restart
Also, the last command in this block, ipset setup, fails because the switch setup does not exist.
I am running OpenWrt 20.02.01.
Thanks