✨: block 1.1.1.1 & 1.0.0.1 from LAN

2024-12-25 11:35:24 +01:00
parent 057090b339
commit 68a5356118
1 changed files with 11 additions and 0 deletions
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -570,6 +570,17 @@ config rule
 	option dest_port '21 10100-10110'
 	option target 'ACCEPT'

+## LAN Rules
+# Block DNS redirector
+{% for ip in ['1.1.1.1', '1.0.0.1'] %}
+config rule
+	option name 'Deny-OUTPUT-DNS-{{ ip }}'
+	option src 'lan'
+	option dest 'wan'
+	option dest_ip '{{ ip }}'
+	option target 'REJECT'
+{% endfor %}
+
 ## Default configuration
 config defaults
 	option syn_flood '1'