
So yes, you can try DROP instead of REJECT, but I doubt it makes a difference. However, in this case you block everything from this client, so also DNS queries (but when you use Net isolation on an unbridged interface the DNS queries are allowed!). The client has a fixed DNS server with which it communicates and in this way transfers some small amount of data. You could argue that a client which gets a response that it is blocked will try another way out, but that seems really far-fetched.

About blocking DNS: DNS tunnelling is a well-known escape mechanism for blocking (see: ). The difference is: with DROP the client does not get a response; with REJECT the client gets a response that the query is blocked.

You either DROP or REJECT, but both should block.

I got ONE hint from the Tuya community:
1.) It is necessary to "block" and not only "reject".
I will do so tomorrow; today I have to spend some hours together with my wife to avoid a storm advisory.

Last edited by Alozaros on Sat 8:52 edited 1 time in total

What do you mean the device is working? Is it just connected to the router, or is it connected and has access to the internet?

Clearly, if you do it correctly, it should work; otherwise, it's either a setup mistake or, less likely, a firmware issue.

"ONE device is still alive, I did a power off/on on it, but it is working after that."
Replace xx with the MAC address and give an IP in the router range. When you put a name, do not use spaces or any special characters. You may also give your devices static IPs.

Add this line in this format to the advanced DNSMasq rules:

dhcp-host=xx:xx:xx:xx:xx:xx,China-device,192.168.0.101,infinite

Let's say all your network is still on br0, which combines LAN ports and Wi-Fi. So, regarding br0, those rules must work. Just change the IP, try those iptables rules with those new IPs. Give those devices IPs from 100+ up to 255. Also remove any rules from access restrictions.

So, first turn SFE (Shortcut Forwarding Engine) off (basic setup page).

You have a couple of devices that you would like to get IPs, but they must not have Internet, so you can only access them from the local LAN?

As well, what is your router IP?

ONE device is still alive, I did a power off/on on it, but it is working after that.


iptables -I FORWARD -o $(get_wanface) -p udp -s 192.168.0.50 -j DROP
iptables -I FORWARD -o $(get_wanface) -p tcp -s 192.168.0.50 -j DROP
iptables -I FORWARD -i br0 -o $(get_wanface) -p udp -s 192.168.0.50 -j DROP
iptables -I FORWARD -i br0 -o $(get_wanface) -p tcp -s 192.168.0.50 -j DROP

Don't know details about the things which are b0rked.
