Open collinbarrett opened 4 years ago
# block non-VPN DNS requests
```sh
# TODO: allow ProtonVPN server info lookup to succeed (https://collinmbarrett.com/protonvpn-dd-wrt-api-script/)
# tcp-reset applies only to TCP; UDP is rejected with icmp-port-unreachable
# iptables -I FORWARD -o $WAN_IF -p tcp --dport 53 -j REJECT --reject-with tcp-reset
# iptables -I FORWARD -o $WAN_IF -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
# iptables -I OUTPUT -o $WAN_IF -p tcp --dport 53 -j REJECT --reject-with tcp-reset
# iptables -I OUTPUT -o $WAN_IF -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
```
To prevent the ISP from snooping on dnsmasq-proxied DNS queries. NextDNS is proving that some DNS requests are made via my WAN directly outside the OpenVPN client when OpenVPN is down or restarting.
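
One way to handle the TODO, as an added example that is not part of the original issue or the project's script: a dry-run generator that prints the leak-block rules plus a narrow exception letting only the router itself query a named resolver over the WAN. The function names, the interface `vlan2` and the resolver `192.0.2.53` (a documentation address) are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) a DNS leak-block rule set.
# Assumed inputs: WAN interface name, then optional resolver IPv4 addresses
# that only the router itself (OUTPUT chain) may still query over the WAN.

valid_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

dns_leak_rules() {
    wan=${1:-}
    if [ "$#" -gt 0 ]; then shift; fi
    # Validate everything first so a bad argument never yields a partial rule set.
    case "$wan" in
        '' | *[!A-Za-z0-9._-]*) echo "bad interface: $wan" >&2; return 1 ;;
    esac
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad resolver: $ip" >&2; return 1; }
    done
    for chain in FORWARD OUTPUT; do
        echo "iptables -I $chain -o $wan -p tcp --dport 53 -j REJECT --reject-with tcp-reset"
        echo "iptables -I $chain -o $wan -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable"
    done
    # -I inserts at the top of a chain, so exceptions emitted after the
    # REJECT rules end up above them and match first.
    for ip in "$@"; do
        for proto in tcp udp; do
            echo "iptables -I OUTPUT -o $wan -d $ip -p $proto --dport 53 -j ACCEPT"
        done
    done
}

# Stand-alone use: ./dns-leak-rules.sh vlan2 192.0.2.53   (constructed sample values)
if [ "$#" -gt 0 ]; then
    dns_leak_rules "$@"
fi
```

The exception resolver must not be one of dnsmasq's upstream servers, because dnsmasq also sends through the OUTPUT chain and its proxied queries would then still leave over the WAN. LAN clients stay fully blocked, since no ACCEPT rule is added to FORWARD.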