Fine tuning Firewall - whitelist, blacklist, port 80/443

It can be easily done in /etc/config/firewall itself without using any custom rule:

config ipset
    option name 'whitelist'
    option match 'dest_net'
    option family 'ipv4'
config rule
    option name 'Allow whitelist ipset'
    option src 'lan'
    option dest 'wan'
    option ipset 'whitelist'
    option target 'ACCEPT'

The dnsmasq config entry is the way you have mentioned

list ipset '/domain1.com/whitelist'
list ipset '/domain2.com/whitelist'
list ipset '/sub.domain3.com/whitelist'
1 Like