Is there a tool that could add IPs automatically to an ipset, like dnsmasq?

Hello,
Can I restrict connecting to gaming servers? For example, I want to connect to all servers matching
*.eu-west-2.compute.amazonaws.com and block the others.

2 Likes

The problem is that these gaming IPs don't belong to DNS. Is there a way to capture those IPs and save them automatically to an ipset? I want to save all IPs matching *.eu-west-2.compute.amazonaws.com and block the others; for example, I don't want to connect to *.eu-west-1.compute.amazonaws.com.

I am not sure I understand your requirements, but perhaps this could help: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/dns_ipset

It doesn't actually require IP sets:

# Allow eu-west-2.compute.amazonaws.com
uci add_list dhcp.@dnsmasq[0].server="/eu-west-2.compute.amazonaws.com/#"

# Deny compute.amazonaws.com and its subdomains
uci add_list dhcp.@dnsmasq[0].server="/compute.amazonaws.com/"
uci commit dhcp
/etc/init.d/dnsmasq restart

However, IP sets should work as well:

uci -q delete dhcp.@dnsmasq[0].ipset
uci add_list dhcp.@dnsmasq[0].ipset="/eu-west-2.compute.amazonaws.com/allow,allow6"
uci add_list dhcp.@dnsmasq[0].ipset="/compute.amazonaws.com/deny,deny6"
uci commit dhcp
/etc/init.d/dnsmasq restart

This assumes that you have created the allow and deny IP sets.
Then create the firewall allow and deny rules that use the allow and deny IP sets respectively.
Also, depending on your default policy, some steps can be skipped.

1 Like
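To see why the two-entry answer above works, here is an added POSIX sh emulation (not code from the thread or from dnsmasq) of dnsmasq's most-specific-domain matching for `server=/.../` and `ipset=/.../` entries; the rule table is the one from the answer, the hostnames are constructed.

```shell
#!/bin/sh
# Constructed example: emulates how dnsmasq chooses a server=/.../ or
# ipset=/.../ entry for a queried name. A name matches an entry when it
# equals the entry's domain or ends in ".<domain>", and the most specific
# (longest) matching domain wins regardless of line order. That is why
# "/compute.amazonaws.com/" can cover the whole tree while
# "/eu-west-2.compute.amazonaws.com/#" still carves out one region.

# Rule table taken from the answer: "<domain> <action>" per line.
# In the server= form, "#" (forward to the normal upstreams) is the allow
# action and an empty server (never forwarded, so no answer) is the deny.
RULES='eu-west-2.compute.amazonaws.com allow
compute.amazonaws.com deny'

# classify_domain NAME -> prints allow, deny or none
classify_domain() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')  # DNS is case-insensitive
    best_len=0
    best_action=none
    while read -r domain action; do
        [ -n "$domain" ] || continue
        case "$name" in
            "$domain"|*".$domain")
                # longer suffix = more specific = wins, as in dnsmasq
                if [ "${#domain}" -gt "$best_len" ]; then
                    best_len=${#domain}
                    best_action=$action
                fi
                ;;
        esac
    done <<EOF
$RULES
EOF
    printf '%s\n' "$best_action"
}

# Constructed hostnames in the EC2 naming style; not real servers.
for host in ec2-3-8-1-2.eu-west-2.compute.amazonaws.com \
            ec2-3-8-1-2.eu-west-1.compute.amazonaws.com \
            ec2-3-8-1-2.us-east-1.compute.amazonaws.com \
            example.org; do
    printf '%-48s -> %s\n' "$host" "$(classify_domain "$host")"
done
```

Both variants only act on names the client actually resolves through dnsmasq; a client that uses another resolver or connects to a hard-coded address bypasses them, so the firewall deny rule on the IP set remains the backstop.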