"Translate" nftables rule into LuCI

I've put the blurb below (forcing a redirect for DNS & NTP for 2 systems to my internal DNS & NTP server) in /usr/share/nftables.d/chain-post/dstnat_lan because I cannot figure out how to get this done in the GUI. I don't care about the defines that I used, but I'd love to create these 2 rules through the GUI and have the firewall configured in one place.

Is there a way to do this through the GUI?

define mac_tv = xx:xx:xx:xx:xx:xx
define mac_soundbar = yy:yy:yy:yy:yy:yy
define redirect_devs = { $mac_soundbar, $mac_tv }
define redirect_ports = { 53, 123 }

udp dport $redirect_ports ether saddr $redirect_devs counter dnat ip to 127.0.0.1
udp dport $redirect_ports ether saddr $redirect_devs counter dnat ip6 to ::1

Just customize the source MAC and add a similar redirect for NTP:
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

Thanks for your response. I did see that article, among others. But I want to use MAC addresses instead of IPs.

What do you mean by "customize the source MAC"?

LuCI > Network > Firewall > Port Forwards > Intercept-DNS/NTP > Edit

  • Advanced Settings > Source MAC address
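For reference, a sketch of what the two port forwards could look like in /etc/config/firewall once the Source MAC address field is filled in. This is an added example, not taken from any of the posts above. It assumes fw4, a source zone named lan, a second forward named Intercept-NTP, and that src_mac is stored as a list; the MAC values are the placeholders from the question.

```uci
# /etc/config/firewall (fragment; added example, values are placeholders)

# DNS: with target DNAT and no dest_ip, matching traffic from the lan
# zone is redirected to the router itself.
config redirect
	option name 'Intercept-DNS'
	option family 'any'
	option src 'lan'
	option proto 'udp'
	option src_dport '53'
	option target 'DNAT'
	# Only the two devices from the question are matched
	list src_mac 'xx:xx:xx:xx:xx:xx'
	list src_mac 'yy:yy:yy:yy:yy:yy'

# NTP: same match, different port (section name is an assumption)
config redirect
	option name 'Intercept-NTP'
	option family 'any'
	option src 'lan'
	option proto 'udp'
	option src_dport '123'
	option target 'DNAT'
	list src_mac 'xx:xx:xx:xx:xx:xx'
	list src_mac 'yy:yy:yy:yy:yy:yy'
```

After a firewall reload, `nft list chain inet fw4 dstnat_lan` shows whether the generated rules carry the `ether saddr` match, and the custom file in /usr/share/nftables.d/chain-post/ can then be removed so the redirect is defined in one place only.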