How to drop dns packets using iptables?

I ran this command in the terminal of my OpenWrt router: iptables -I OUTPUT 1 -p udp --dport 53 -j DROP to drop all DNS request packets, but it didn't work, even though it worked in an Ubuntu VM.

What is the problem in my command?

OUTPUT would block DNS packets generated by the router.
You would want to use FORWARD to block any coming from hosts.

This is assuming you're using an external DNS and not your router as the DNS.


I am using 1.1.1.1 as DNS, and I tried using FORWARD instead of OUTPUT, but nothing changed.
Same problem.

Although you could use uci/luci to apply this rule, let's look at the iptables rules:
iptables-save -c -t filter

Also, do yourself and your clients a favour: REJECT, don't DROP, unless you have a strong reason. Better to fail quickly and loudly than to hit timeouts.

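The two replies above make two points: the rule has to live in the chain the traffic actually traverses (FORWARD for LAN clients using an external resolver such as 1.1.1.1, OUTPUT only for the router's own queries), and the way to find out whether a rule is matching is to read its counters from iptables-save -c -t filter. The following script is an added example, not code from the thread: it prints the REJECT rules for a chosen chain (extending the thread's UDP-only rule with the TCP port 53 variant, which is my addition) and sums the packet counters of the port-53 rules in a chain from a constructed iptables-save -c sample embedded inline. A counter that stays at zero while clients keep resolving names means the traffic is not passing through that chain, which is exactly the OUTPUT-versus-FORWARD mistake described above.

```sh
#!/bin/sh
# Added example (not from the thread): build the DNS-blocking rules the replies
# describe and verify whether a rule is matching by reading its counters.

# Print the rules for blocking DNS (UDP and TCP port 53) in the given chain.
# FORWARD catches LAN clients talking to an external resolver such as 1.1.1.1;
# OUTPUT only covers queries the router itself originates.
# REJECT is used instead of DROP so clients fail fast instead of timing out.
dns_block_rules() {
    chain="$1"   # FORWARD for client traffic, OUTPUT for the router's own
    printf 'iptables -I %s 1 -p udp --dport 53 -j REJECT\n' "$chain"
    printf 'iptables -I %s 1 -p tcp --dport 53 -j REJECT --reject-with tcp-reset\n' "$chain"
}

# Sum the packet counters of every port-53 rule in the given chain, reading
# `iptables-save -c -t filter` output on stdin. Counted lines look like:
#   [pkts:bytes] -A CHAIN ... --dport 53 -j REJECT
dns_rule_hits() {
    chain="$1"
    awk -v chain="$chain" '
        /^\[[0-9]+:[0-9]+\] -A / && $3 == chain && /--dport 53/ {
            split($1, c, ":")      # c[1] is "[pkts", c[2] is "bytes]"
            sub(/^\[/, "", c[1])   # strip the leading bracket
            total += c[1]
        }
        END { printf "%d\n", total + 0 }'
}

# Constructed sample of `iptables-save -c -t filter` output, for illustration
# only. The FORWARD rules have matched; the OUTPUT rule has never fired.
SAMPLE_SAVE='*filter
:INPUT ACCEPT [1200:98000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [800:64000]
[37:2590] -A FORWARD -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
[2:120] -A FORWARD -p tcp -m tcp --dport 53 -j REJECT --reject-with tcp-reset
[0:0] -A OUTPUT -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
COMMIT'

dns_block_rules FORWARD
printf '%s\n' "$SAMPLE_SAVE" | dns_rule_hits FORWARD   # 39
printf '%s\n' "$SAMPLE_SAVE" | dns_rule_hits OUTPUT    # 0
```

On a live router, replace the constructed sample with `iptables-save -c -t filter | dns_rule_hits FORWARD`, run a lookup from a LAN client, and run it again: if the number does not move, the rule is in the wrong chain or is being shadowed by an earlier rule in that chain.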