by VTimofeenko
348 days ago
Why not forbid going outside on port 53 and (optionally) redirect to the local DNS servers: (nftables syntax)

ip saddr != @lan_dns ip daddr != @lan_dns udp dport 53 counter dnat ip to numgen inc mod 2 map { 0 : 192.168.1.1, 1 : 192.168.1.2 } comment "Force all DNS traffic to go through local DNS servers"
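The rule from the comment above placed in a complete nftables ruleset, as an added example rather than the commenter's own configuration; the set and chain definitions, the LAN interface name lan0, the TCP/UDP port-53 matching and the resolver addresses 192.168.1.1 and 192.168.1.2 are assumptions:

```nft
#!/usr/sbin/nft -f
# Added example (not the commenter's config). Assumed: LAN interface "lan0",
# local resolvers 192.168.1.1 and 192.168.1.2 (constructed values).

table ip dns_policy {
    # The hosts allowed to talk to upstream DNS directly: the local resolvers.
    set lan_dns {
        type ipv4_addr
        elements = { 192.168.1.1, 192.168.1.2 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Client DNS queries (UDP and TCP) not addressed to a local resolver are
        # rewritten so they land on one of the two resolvers, round-robin.
        iifname "lan0" ip saddr != @lan_dns ip daddr != @lan_dns \
            meta l4proto { tcp, udp } th dport 53 counter \
            dnat ip to numgen inc mod 2 map { 0 : 192.168.1.1, 1 : 192.168.1.2 } \
            comment "Force all DNS traffic to go through local DNS servers"
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # The "forbid" half: anything from a non-resolver host that still heads
        # for an outside port 53 is logged (for detection) and dropped.
        iifname "lan0" ip saddr != @lan_dns ip daddr != @lan_dns \
            meta l4proto { tcp, udp } th dport 53 counter \
            log prefix "dns-bypass-attempt: " drop
    }
}
```

Load it with `nft -f` and watch the counters and the log prefix to see which hosts were trying to bypass the local resolvers. Note that this only covers plain DNS on port 53; DNS over TLS (853) or HTTPS (443) is not redirected by these rules and needs separate policy.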