Firewall and DNS

Hi,
Could someone tell me if these rules make sense?
Thanks

config redirect 'dns_int'
	option name 'Intercept-DNS'
	option family 'any'
	option proto 'tcp udp'
	option src 'lan'
	option src_dport '53'
	option target 'DNAT'

config redirect
	option dest 'wan'
	option target 'DNAT'
	option name 'dns intercept'
	list proto 'tcp'
	option src 'lan'
	option src_dport '853'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'dns intercept'
	list proto 'tcp'
	option src 'wan'
	option src_dport '443'
	option dest_ip '8.8.8.8'

Follow https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns instead.

2 Likes

OK, so only on port 53. I'm also wondering if we could intercept port 853.

You should block it, as described in the link you were given.

2 Likes
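A small linter for the advice in this thread, added here as an example and not code from any poster or from OpenWrt: it flags a DNAT redirect on port 853 and checks that the config has a LAN port 53 redirect plus a LAN-to-WAN rule blocking 853. The function names, the trimmed sample config and the `DENY_DOT` rule are constructed for illustration.

```python
import shlex

def parse_uci(text):
    """Parse UCI text into sections: {'_type': [type], option: [values]}."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append({"_type": [tok[1]]})
        elif tok[:1] in (["option"], ["list"]) and len(tok) >= 3 and sections:
            sections[-1].setdefault(tok[1], []).extend(tok[2].split())
    return sections

def audit_dns(sections, lan="lan", wan="wan"):
    """Return findings for LAN DNS handling; an empty list means both checks pass."""
    has_53, has_853_block, findings = False, False, []
    for s in sections:
        kind, target = s["_type"][0], (s.get("target") or [""])[0].upper()
        from_lan = s.get("src") == [lan]
        if kind == "redirect" and target == "DNAT" and from_lan:
            ports = s.get("src_dport", [])
            # proto must be explicit; firewall defaults are not modelled here
            has_53 |= "53" in ports and {"tcp", "udp"} <= set(s.get("proto", []))
            if "853" in ports:
                findings.append("redirect on 853: block it with a rule instead")
        elif kind == "rule" and from_lan and s.get("dest") == [wan]:
            blocked = target in ("REJECT", "DROP") and "tcp" in s.get("proto", [])
            has_853_block |= blocked and "853" in s.get("dest_port", [])
    if not has_53:
        findings.append("no tcp+udp redirect for LAN port 53")
    if not has_853_block:
        findings.append("no LAN-to-WAN rule blocking port 853")
    return findings

# The thread's port 53 and port 853 redirects, trimmed to the options checked.
POSTED = """
config redirect 'dns_int'
    option proto 'tcp udp'
    option src 'lan'
    option src_dport '53'
    option target 'DNAT'
config redirect
    option target 'DNAT'
    list proto 'tcp'
    option src 'lan'
    option src_dport '853'
"""
# Constructed block rule to use in place of the 853 redirect (not from the thread).
DENY_DOT = "config rule\n option src 'lan'\n option dest 'wan'\n option dest_port '853'\n option proto 'tcp udp'\n option target 'REJECT'\n"
print(audit_dns(parse_uci(POSTED)))
```
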