Thanks. Just what I needed.
On Sun, Jul 15, 2012 at 7:39 PM, Lonnie Abelbeck wrote:
> David,
>
> With the general DNS block in place...
>
> LAN_INET_HOST_OPEN_UDP="192.168.1.99>0/0~53"
>
> will allow the internal 192.168.1.99 device to access any external DNS
> server.
>
> Lonnie
>
> PS: In the
David,
With the general DNS block in place...
LAN_INET_HOST_OPEN_UDP="192.168.1.99>0/0~53"
will allow the internal 192.168.1.99 device to access any external DNS server.
Lonnie
PS: In the web interface we don't support "Pass LAN->EXT" rules, since that is
the default policy and would seem con
Yes I agree. Of course since turning on blocking I find that I have a VoIP
adapter that is remotely administered by "someone else" and it is pointing
to an external DNS server. Fortunately the logs identified this. So I need
to explicitly allow one internal IP to access an external DNS.
David
O
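David's message above says the firewall logs are what exposed the device using an external DNS server. The following is an added example, not part of the original thread or of the project's code: a Python script that scans netfilter LOG lines and lists each LAN host that tried to reach a DNS server outside an approved set. The log prefix, the interface name `eth1`, the sample lines, and the choice of the two OpenDNS addresses quoted in this thread as the approved resolvers are assumptions.

```python
import re
from collections import defaultdict

# Assumption: the only resolvers LAN hosts may query directly are the two
# OpenDNS addresses quoted elsewhere in this thread.
ALLOWED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# key=value fields written by the netfilter LOG target.
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|DPT)=(\S*)")

# Constructed sample log; the "DNS-out:" prefix, host name, interface names
# and external addresses (documentation ranges) are made up for illustration.
SAMPLE_LOG = """\
Jul 15 17:02:11 gw kernel: DNS-out: IN=eth1 OUT=eth0 SRC=192.168.1.99 DST=203.0.113.53 LEN=60 TTL=63 PROTO=UDP SPT=40112 DPT=53 LEN=40
Jul 15 17:02:16 gw kernel: DNS-out: IN=eth1 OUT=eth0 SRC=192.168.1.99 DST=203.0.113.53 LEN=60 TTL=63 PROTO=UDP SPT=40113 DPT=53 LEN=40
Jul 15 17:03:40 gw kernel: DNS-out: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=208.67.222.222 LEN=58 TTL=63 PROTO=UDP SPT=51200 DPT=53 LEN=38
Jul 15 17:04:02 gw kernel: DNS-out: IN=eth1 OUT=eth0 SRC=192.168.1.45 DST=198.51.100.53 LEN=60 TTL=63 PROTO=TCP SPT=33810 DPT=53 SYN
Jul 15 17:04:09 gw kernel: DNS-out: IN=eth1 OUT=eth0 SRC=192.168.1.45 DST=198.51.100.7 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123 LEN=56
Jul 15 17:04:30 gw kernel: DNS-out: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=50 PROTO=UDP SPT=5353 DPT=53 LEN=40
Jul 15 17:05:00 gw dnsmasq[412]: started, cache size 150
"""

def parse_line(line):
    """Return the LOG fields of one line as a dict, or None if it is not a packet log."""
    fields = dict(FIELD_RE.findall(line))
    return fields if fields.keys() >= {"SRC", "DST", "PROTO", "DPT"} else None

def external_dns_clients(log_text, lan_if="eth1"):
    """Map each LAN source IP to the (protocol, server) pairs outside the approved set."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f.get("IN") != lan_if:
            continue  # not a packet log, or not arriving from the LAN side
        if f["DPT"] != "53" or f["PROTO"] not in ("UDP", "TCP"):
            continue  # only DNS over UDP or TCP is of interest
        if f["DST"] not in ALLOWED_RESOLVERS:
            hits[f["SRC"]].add((f["PROTO"], f["DST"]))
    return dict(hits)

if __name__ == "__main__":
    for src, dests in sorted(external_dns_clients(SAMPLE_LOG).items()):
        print(src, sorted(dests))
```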
David,
Yes, blocking is best, the "iptables -t nat -A PREROUTING" technique described
only works with IPv4, plus those rules would get a *lot* of matches.
Lonnie
On Jul 15, 2012, at 5:11 PM, David Kerr wrote:
> Thanks Lonnie. Blocking port 53 is the simplest way to go I think. Googling
> a
Thanks Lonnie. Blocking port 53 is the simplest way to go I think.
Googling also turns up...
http://www.dd-wrt.com/wiki/index.php/OpenDNS
Scroll down that page and you find a way to intercept all port 53 requests
and send them somewhere else silently... so DNS requests satisfied, just
not by th
Off the top of my head you'd need a custom rule along the lines of:
iptables -A FORWARD -i $INTIF -m udp -p udp --dport 53 -d 208.67.222.222 -j ACCEPT
iptables -A FORWARD -i $INTIF -m udp -p udp --dport 53 -d 208.67.220.220 -j ACCEPT
iptables -A FORWARD -i $INTIF -m udp -p udp --dport 53 -j REJECT
Hi David,
From the Network -> Firewall tab
Deny LAN->EXT TCP/UDP 0/0 0/0 53
This applies for both IPv4 and IPv6 if enabled. TCP is seldom used, but best
to also block it.
Now for the extra credit, :-), this can't be done via the Firewall tab, but if
you also add the AIF variable to your
So, the OpenDNS was mentioned on this list a few days ago. I use this
service and the mention on this list prompted me to check my settings to
make sure that I was still appropriately blocking access to web site
categories. And it started me thinking... it would be easy for
a savvy user to reconf
I use OpenDNS for home use as it is an excellent way to block access to sites
in a number of categories. It does have some pretty good logging but you may
require Enterprise if you want something a bit more detailed. Try out the
Premium anyway as it's free.
Thanks
Mike
On 15/07/2012, at 3:45