
block DNS requests when VPN tunnel is down

Open collinbarrett opened this issue 5 years ago • 1 comments

To prevent the ISP from snooping on dnsmasq-proxied DNS queries. NextDNS is proving that some DNS requests are made via my WAN directly, outside the OpenVPN client, when OpenVPN is down or restarting.

collinbarrett avatar Jul 27 '20 14:07 collinbarrett

# block non-VPN DNS requests
# TODO: allow ProtonVPN server info lookup to succeed (https://collinmbarrett.com/protonvpn-dd-wrt-api-script/)
# Rules are left commented out pending the TODO above; WAN_IF must hold the WAN interface name.
# UDP has no reset: REJECT accepts --reject-with tcp-reset only for TCP, so the UDP rules use icmp-port-unreachable.
# iptables -I FORWARD -o $WAN_IF -p tcp --dport 53 -j REJECT --reject-with tcp-reset
# iptables -I FORWARD -o $WAN_IF -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
# iptables -I OUTPUT -o $WAN_IF -p tcp --dport 53 -j REJECT --reject-with tcp-reset
# iptables -I OUTPUT -o $WAN_IF -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable

ref

collinbarrett avatar Jul 29 '21 11:07 collinbarrett
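The leak described in the issue (DNS leaving over the WAN while the OpenVPN client is down) and the iptables rules sketched in the comment, worked into a script that generates the rules, applies them idempotently, and checks a saved ruleset for them. This is an added example, not code from the issue, dd-wrt or ProtonVPN; WAN_IF, ALLOW_DNS_SERVERS and the sample ruleset are assumed or constructed values.

```shell
#!/bin/sh
# Added example, not code from the issue or from dd-wrt: generate, apply and
# verify iptables rules that refuse plaintext DNS leaving via the WAN, so
# queries cannot slip past the OpenVPN tunnel while it is down or restarting.
# Assumed/placeholder values: WAN_IF (WAN interface) and ALLOW_DNS_SERVERS
# (resolver IPs that must stay reachable on the WAN, e.g. for a provider API).
WAN_IF="${WAN_IF:-vlan2}"
ALLOW_DNS_SERVERS="${ALLOW_DNS_SERVERS:-}"

# Print the iptables commands, one per line, without running them. -I inserts
# at the top of the chain, so REJECT is emitted first and the ACCEPT
# exceptions emitted afterwards land above it and are matched first.
dns_block_rules() {
  for chain in OUTPUT FORWARD; do
    # TCP gets a RST; REJECT only allows ICMP error types for UDP.
    echo "iptables -I $chain -o $WAN_IF -p tcp --dport 53 -j REJECT --reject-with tcp-reset"
    echo "iptables -I $chain -o $WAN_IF -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable"
    for srv in $ALLOW_DNS_SERVERS; do
      echo "iptables -I $chain -o $WAN_IF -d $srv -p udp --dport 53 -j ACCEPT"
      echo "iptables -I $chain -o $WAN_IF -d $srv -p tcp --dport 53 -j ACCEPT"
    done
  done
}

# Apply on the router (needs root). Each rule is checked with -C first so the
# script can be re-run from a dd-wrt firewall/OpenVPN hook without duplicates.
dns_block_apply() {
  dns_block_rules | while read -r cmd; do
    check=$(printf '%s' "$cmd" | sed 's/^iptables -I /iptables -C /')
    $check 2>/dev/null || $cmd
  done
}

# Return 0 when iptables-save output (on stdin) already carries the WAN DNS
# REJECT rules for both chains and both protocols, 1 otherwise.
dns_block_present() {
  saved=$(cat)
  for chain in OUTPUT FORWARD; do
    for proto in tcp udp; do
      printf '%s\n' "$saved" | grep -q -- "-A $chain -o $WAN_IF -p $proto .*--dport 53 -j REJECT" || return 1
    done
  done
  return 0
}

# Constructed iptables-save excerpt (not captured from a real router).
SAMPLE_RULESET='*filter
-A FORWARD -o vlan2 -p tcp -m tcp --dport 53 -j REJECT --reject-with tcp-reset
-A FORWARD -o vlan2 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o vlan2 -p tcp -m tcp --dport 53 -j REJECT --reject-with tcp-reset
-A OUTPUT -o vlan2 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
COMMIT'
```

On the router, `iptables-save | dns_block_present || dns_block_apply` installs the rules only when they are missing, which is the check to run from the hook that fires when the OpenVPN client stops.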