From 68a53561188da5105711b82836b50f866bfb8b94 Mon Sep 17 00:00:00 2001
From: VC
Date: Wed, 25 Dec 2024 11:35:24 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8:=20block=201.1.1.1=20&=201.0.0.1=20fr?= =?UTF-8?q?om=20LAN?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/firewall/templates/firewall.j2 | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2
index 3787b0d..997fca1 100644
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -570,6 +570,17 @@ config rule
 option dest_port '21 10100-10110'
 option target 'ACCEPT'
 
+## LAN Rules
+# Block DNS redirector
+{% for ip in ['1.1.1.1', '1.0.0.1'] %}
+config rule
+ option name 'Deny-OUTPUT-DNS-{{ ip }}'
+ option src 'lan'
+ option dest 'wan'
+ option dest_ip '{{ ip }}'
+ option target 'REJECT'
+{% endfor %}
+
 ## Default configuration
 config defaults
 option syn_flood '1'
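Review bot: The new `Deny-OUTPUT-DNS-*` rules match two IPv4 addresses only, so if the goal (inferred from the rule name and the "Block DNS redirector" comment) is to stop LAN clients bypassing the local resolver, the same provider's IPv6 resolvers and any other public resolver remain reachable from `lan`. If the LAN has IPv6, extend the list, e.g. `{% for ip in ['1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001'] %}`, or consider a port-based rule on 53/853 rather than a per-address list. The rule also sets no `proto` or `dest_port`, so it rejects more than DNS to these hosts; if that is deliberate (for example to cover DNS over HTTPS as well), the comment should say so, something like `# Reject all LAN traffic to Cloudflare public resolvers (plain DNS, DoT, DoH)`. The name says OUTPUT, but `src 'lan'` with `dest 'wan'` describes forwarded traffic, so `Deny-FORWARD-DNS-{{ ip }}` would be less misleading.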