Okay, is that because of the limitation referenced in this post (How to use nftset with dnsmasq? - #16 by VA1DER) where it's said the IPs won't be added to the set unless dnsmasq is sent a query to resolve them? So I would have to run nslookup on the domains I wanted first?
Just making sure. These "sets" are a totally new concept to me.
Following the guide I referred to had me a little confused too, because it doesn't show the firewall rule that it suggests one makes. Well, it shows how to make a firewall zone, but I'm interested in creating a rule for a single device. But I'm guessing that the IP set can then be referred to in a firewall rule by dereferencing its name with an '@' first? So for example, if I created the ipset "subtitle_sites", I should be able to write a rule such as:
config rule
	option name 'Allow TorrentBox to reach subtitle_sites through WAN'
	option src 'lan'
	list src_mac '08:00:27:1C:16:41'
	option dest_ip '@subtitle_sites'
	option dest 'wan'
	option target 'ACCEPT'
	list proto 'all'
	option enabled '0'
Or will this not work with the OpenWrt config files? I am wondering if I might need to use nft itself?
Something like...
nft insert rule inet fw4 forward ip saddr 192.168.1.5 ip daddr @subtitle_sites accept
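A quick check for the point raised at the top of the post (the set stays empty until a client actually asks dnsmasq to resolve one of its domains), added here as an example and not taken from the thread or from OpenWrt: it parses the text that `nft list set inet fw4 subtitle_sites` prints and reports whether the set holds any addresses yet. The two listings below are constructed samples so the script runs offline; on the router you would pipe the real command into `set_element_count`.

```shell
#!/bin/sh
# Added example (not from the forum thread). Parses `nft list set` output and
# reports whether dnsmasq has populated the set; an empty set means the
# firewall rule that references it currently matches nothing.

# Flatten an `nft list set` listing (stdin) into one element per line.
# Handles element lists wrapped across lines and keeps only the address or
# prefix, dropping per-element attributes such as "timeout 1h".
set_elements() {
    tr '\n' ' ' \
    | sed -n 's/.*elements = {\([^}]*\)}.*/\1/p' \
    | tr ',' '\n' \
    | awk 'NF { print $1 }'
}

# Number of elements in the listing (0 when no "elements" line is present).
set_element_count() {
    set_elements | awk 'END { print NR }'
}

# Exit status 0 when the listing passed as $1 has at least one element.
set_is_populated() {
    [ "$(printf '%s\n' "$1" | set_element_count)" -gt 0 ]
}

# Constructed sample: the set right after boot, before any client has
# queried one of the domains dnsmasq feeds into it.
EMPTY_SET_LISTING='table inet fw4 {
    set subtitle_sites {
        type ipv4_addr
        flags interval
    }
}'

# Constructed sample: the same set after a lookup caused dnsmasq to add the
# resolved addresses (documentation-range addresses, nft-style wrapping).
FILLED_SET_LISTING='table inet fw4 {
    set subtitle_sites {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 192.0.2.11,
                     198.51.100.7 }
    }
}'

for listing in "$EMPTY_SET_LISTING" "$FILLED_SET_LISTING"; do
    if set_is_populated "$listing"; then
        echo "set populated ($(printf '%s\n' "$listing" | set_element_count) element(s)): rule can match"
    else
        echo "set is empty: nothing has resolved the domains yet, rule matches nothing"
    fi
done
```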