Exception for a device in a firewall rule

I have this rule to block DNS servers on the local network, but there is a device that acts as a DNS server and I want it not to be affected.
Until now I used another rule to allow forwarding to wan from that device, but it seems more convenient and tidy to have everything in the same firewall rule.

root@enrutador:~# cat /etc/config/firewall

config rule
        option src 'lan'
        option dest 'wan'
        option target 'ACCEPT'
        option name 'Allow DNS servers for AdGuardHome'
        list src_ip '192.168.1.93'
        option dest_port '53 853'

config rule
        option name 'Block DNS servers on lan'
        option src 'lan'
        option dest 'wan'
        option dest_port '53 853'
        option target 'DROP'

It should work

config rule
        option name 'Block DNS servers on lan except 192.168.1.93'
        option src 'lan'
        option dest 'wan'
        list src_ip '!192.168.1.93'
        option dest_port '53 853'
        option target 'DROP'
3 Likes
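
A way to check offline that merging the two rules keeps the same behaviour, as an added example that is not part of the original posts. It is a simplified IPv4 model, not the OpenWrt firewall itself: it assumes first-match rule order, `!` negation in `src_ip`, and an ACCEPT default for lan to wan forwarding; the function names are hypothetical.

```python
import ipaddress
import shlex

# Rules from the thread, abridged: every rule there is src 'lan' -> dest 'wan',
# so those options and 'option name' are left out. OLD is the two-rule setup.
OLD = """
config rule
    option target 'ACCEPT'
    list src_ip '192.168.1.93'
    option dest_port '53 853'
config rule
    option dest_port '53 853'
    option target 'DROP'
"""
NEW = """
config rule
    list src_ip '!192.168.1.93'
    option dest_port '53 853'
    option target 'DROP'
"""

def parse_rules(text):
    """Parse UCI sections into dicts; 'list' values accumulate."""
    rules = []
    for tok in map(shlex.split, text.splitlines()):
        if tok and tok[0] == "config":
            rules.append({})
        elif tok and tok[0] == "option":
            rules[-1][tok[1]] = tok[2]
        elif tok and tok[0] == "list":
            rules[-1].setdefault(tok[1], []).append(tok[2])
    return rules

def verdict(rules, src_ip, dport, default="ACCEPT"):
    """First matching rule decides (assumed model); else the forwarding default."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        nets = r.get("src_ip", [])
        pos = [n for n in nets if not n.startswith("!")]
        neg = [n[1:] for n in nets if n.startswith("!")]
        hit = lambda ns: any(ip in ipaddress.ip_network(n) for n in ns)
        port_ok = str(dport) in r["dest_port"].split()
        if port_ok and (not pos or hit(pos)) and not hit(neg):
            return r["target"]
    return default

def differences(old, new):
    """(host, port) pairs in 192.168.1.0/24 where the two rule sets disagree."""
    hosts = [f"192.168.1.{i}" for i in range(1, 255)]
    return [(h, p) for h in hosts for p in (53, 80, 853)
            if verdict(old, h, p) != verdict(new, h, p)]
```

An empty result from `differences(parse_rules(OLD), parse_rules(NEW))` means the merged rule gives the same verdict for every IPv4 host and port tested. IPv6 is outside this model: the original block rule has no address match while the merged rule is tied to an IPv4 address, so check IPv6 DNS forwarding separately on the router.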
