How to force clients to use the configured DNS and not be able to change it?
I read somewhere that it can be achieved by using iptables, which I'm not familiar with.
Current setup:
ISP router in bridge mode connected to an OpenWrt router; both are in the same subnet.
Pi-hole on the LAN.
#The firewall rule for the redirect:
iptables -t nat -D PREROUTING -m mac "!" --mac-source XX:XX:XX:XX:XX:XX -p tcp --dport 53 -m addrtype "!" --src-type LOCAL -j DNAT --to 192.168.x.x
iptables -t nat -A PREROUTING -m mac "!" --mac-source XX:XX:XX:XX:XX:XX -p udp --dport 53 -m addrtype "!" --src-type LOCAL -j DNAT --to 192.168.x.x
(replace 192.168.x.x with the IP of your DNS filter and XX:XX:XX:XX:XX:XX with its MAC)
I tried the custom rules above, but they didn't work, and I can't tell if it's the correct way to do it; as I said, I'm not familiar with iptables.
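
The redirect the question describes, written out as an added example that is not part of the original post: a generator that prints one appended (`-A`) DNAT rule per protocol, plus the masquerade rule a same-subnet filter needs so that replies return through the router. It assumes an iptables-based firewall; the interface name `br-lan`, the subnet, and the IP and MAC in the sample call are constructed values.

```shell
#!/bin/sh
# Added example: prints iptables commands only; nothing is applied.
# Assumed (not from the post): LAN interface br-lan, LAN 192.168.1.0/24,
# and the constructed filter IP/MAC in the sample call at the bottom.

dns_redirect_rules() {
    dns_ip=$1    # IP of the DNS filter (e.g. the Pi-hole)
    dns_mac=$2   # its MAC, exempted so its own upstream lookups are not looped back
    lan_if=$3    # router interface facing the LAN
    lan_net=$4   # LAN subnet in CIDR form

    # Reject unfilled placeholders (192.168.x.x, XX:XX:...) before emitting rules.
    printf '%s' "$dns_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad DNS IP: $dns_ip" >&2; return 1; }
    printf '%s' "$dns_mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ||
        { echo "bad MAC: $dns_mac" >&2; return 1; }

    for proto in tcp udp; do
        # Redirect port-53 traffic from LAN clients that is not already
        # addressed to the filter and does not come from the filter itself.
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 -m mac ! --mac-source %s ! -d %s -j DNAT --to-destination %s:53\n' \
            "$lan_if" "$proto" "$dns_mac" "$dns_ip" "$dns_ip"
        # Filter and clients share a subnet: without source NAT the filter
        # answers the client directly, and the client drops a reply that
        # does not come from the server it originally queried.
        printf 'iptables -t nat -A POSTROUTING -o %s -p %s --dport 53 -s %s -d %s -j MASQUERADE\n' \
            "$lan_if" "$proto" "$lan_net" "$dns_ip"
    done
}

# Sample call with constructed values; review the output, then pipe it to sh on the router.
dns_redirect_rules 192.168.1.2 AA:BB:CC:DD:EE:FF br-lan 192.168.1.0/24
```

With the masquerade rule in place, the filter logs the router's address as the client for every redirected query.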