[Tutorial] DNS hijacking for a Network range to a PiHole

OK, so I have some FireTVs, and I wanted to block a range of addresses on my network from bypassing my PiHole. I didn't want to do it network-wide, as sometimes I want to bypass the PiHole. Also, I didn't want a loop caused by my PiHole being redirected to itself.

So my subnet on my LAN is 10.47.22.0/24, but that doesn't matter.
I wanted to redirect only 10.47.22.50 to 10.47.22.59.

Step 1:
The first step is to create an IP set. So I added one.
Name: the50s
Family: IPv4
Packet Field Match: src_ip
IPs/Networks/MACs:
I added the IP addresses I wanted to DNS hijack.

Then I enabled counters. That is optional.

Step 2:
Create a Port forward:
Name: dnsintercept50s
Restrict to address family: IPv4
Protocol: TCP, UDP
Source zone: lan
External port: 53
Destination zone: lan
Internal IP address: any
Internal port: any

Step 3:
Go to the advanced settings tab:
Use ipset: --Choose the IP set created in Step 1.

Then hit save and reload.

If you want to hijack both IPv6 and IPv4, make the IP Set match the MAC address instead of the IP address; then it won't matter what the source IP address is. You will need to make an IP Set for both IPv4 and IPv6, and a matching IPv6 forward. You will have to point the IPv6 forward at the IPv6 address of your PiHole. Then you won't have to set a static address for your devices. I have static IPs for my FireTVs, as it helps with sideloading apps.
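
Steps 1 to 3 written as `uci batch` input, as an added example that is not part of the original post. It assumes the option names of OpenWrt's `/etc/config/firewall`; the function names and the Pi-hole address argument are hypothetical, since the post does not give the Pi-hole's IP. The Pi-hole is left out of the set even if it falls inside the range, so its own queries are never redirected.

```shell
# gen_entries PREFIX FIRST LAST PIHOLE_IP
# Prints one set entry per host in PREFIX.FIRST..PREFIX.LAST, skipping the
# Pi-hole itself so its own DNS queries are never redirected (no loop).
gen_entries() {
    prefix=$1; i=$2; last=$3; pihole=$4
    while [ "$i" -le "$last" ]; do
        ip="$prefix.$i"
        [ "$ip" = "$pihole" ] || echo "$ip"
        i=$((i + 1))
    done
}

# gen_uci PREFIX FIRST LAST PIHOLE_IP
gen_uci() {
    # Step 1: IP set matching on source address, counters enabled
    cat <<EOF
set firewall.the50s=ipset
set firewall.the50s.name='the50s'
set firewall.the50s.family='ipv4'
add_list firewall.the50s.match='src_ip'
set firewall.the50s.counters='1'
EOF
    for ip in $(gen_entries "$@"); do
        echo "add_list firewall.the50s.entry='$ip'"
    done
    # Steps 2 and 3: forward TCP/UDP 53 from lan, limited to the set.
    # No dest_ip is written, matching "Internal IP address: any" in the form.
    cat <<EOF
set firewall.dnsintercept50s=redirect
set firewall.dnsintercept50s.name='dnsintercept50s'
set firewall.dnsintercept50s.target='DNAT'
set firewall.dnsintercept50s.family='ipv4'
add_list firewall.dnsintercept50s.proto='tcp'
add_list firewall.dnsintercept50s.proto='udp'
set firewall.dnsintercept50s.src='lan'
set firewall.dnsintercept50s.src_dport='53'
set firewall.dnsintercept50s.dest='lan'
set firewall.dnsintercept50s.ipset='the50s'
commit firewall
EOF
}

# Print the batch when called with four arguments, e.g.:
#   sh dnsintercept.sh 10.47.22 50 59 <pihole-ip> | uci batch
if [ $# -eq 4 ]; then gen_uci "$@"; fi
```

After piping the output into `uci batch`, run `/etc/init.d/firewall reload`, which corresponds to "save and reload" in the web interface.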