IP Sets with nftables in LuCi

Up-to-date LuCi has this:

What can we do with this?

In the old fw3 wiki it states here:

My question is: has all of this been handled? For example I'd like to DNS hijack any DNS queries to nordvpn.com and redirect that to Also I'd like to filter on IP set for firewall rules to block certain domains at certain times of the day.

Can this be done in LuCi?

It’s not very usable at the moment with fw4/nftables because dnsmasq is still waiting for the bump to v2.87 where nftables sets are supported. At the moment, those configs will ask dnsmasq to populate ipsets that won’t exist on 22.03 or master. It would work fine with 21.02.

1 Like

Not with 22.03/fw4 currently. The fw4 no longer creates ipset from its config and creates nft sets instead, however dnsmasq which supports nft sets is not in OpenWrt 22.03 repo yet.