Roku somewhat recently decided to hardcode Google’s DNS servers in their devices. That bypasses any DNS blacklisting/adblocking I’ve got set up.
I wanted to block my Roku from talking to the Google DNS (or maybe any DNS outside my network). I went to LuCI and Network, Firewall and finally Traffic Rules, where I set the following:
This seems to result in the following rules in iptables:
zone_wan_dest_REJECT tcp -- anywhere dns.google tcp dpt:domain MAC xx:xx:xx:xx:xx:xx /* !fw3: Block Google DNS */
zone_wan_dest_REJECT udp -- anywhere dns.google udp dpt:domain MAC xx:xx:xx:xx:xx:xx /* !fw3: Block Google DNS */
“dns.google” resolves to 8.8.8.8 and 8.8.4.4. I still see the Roku talking to 8.8.8.8 and 8.8.4.4 according to Pakon. The iptables rules seem specific enough, but perhaps I should add it as a custom rule:
zone_wan_dest_DROP tcp -- anywhere 8.8.8.8 tcp dpt:domain MAC xx:xx:xx:xx:xx:xx
Or is filtering by MAC address not effective with iptables?
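As an added example (not code from the original post), a small Python checker that reads `iptables -nvL` output for the chain carrying the Roku's forwarded traffic and reports how many packets each Google-DNS block rule has actually matched; a rule whose counter stays at zero while Pakon still shows port-53 traffic to that address is not on the packet's path, which is the first thing to confirm. The iptables `mac` match compares the source MAC of frames entering the PREROUTING, INPUT or FORWARD chains, which a lan-to-wan traffic rule does satisfy. The chain name `zone_lan_forward`, the MAC address and the counters in the sample output are constructed for the example.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `iptables -nvL zone_lan_forward` output (the chain fw3 uses
# for lan -> wan traffic rules); MAC and counters are made up for this example.
SAMPLE_OUTPUT = """\
Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 zone_wan_dest_REJECT  tcp  --  *      *       0.0.0.0/0            8.8.8.8              tcp dpt:53 MAC 00:11:22:33:44:55 /* !fw3: Block Google DNS */
    0     0 zone_wan_dest_REJECT  udp  --  *      *       0.0.0.0/0            8.8.8.8              udp dpt:53 MAC 00:11:22:33:44:55 /* !fw3: Block Google DNS */
   57  4104 zone_wan_dest_REJECT  udp  --  *      *       0.0.0.0/0            8.8.4.4              udp dpt:53 MAC 00:11:22:33:44:55 /* !fw3: Block Google DNS */
 1423 98210 zone_wan_dest_ACCEPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* !fw3: forwarding lan -> wan */
"""

# Column layout of a verbose (-v) numeric (-n) rule line; header lines do not match.
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>\S+)\s+(?P<proto>\S+)\s+--\s+"
    r"(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<extra>.*)$"
)
MAC_RE = re.compile(r"\bMAC\s+([0-9A-Fa-f:]{17})")
DPT_RE = re.compile(r"\bdpt:(\d+)")


def parse_rules(output: str) -> List[Dict[str, str]]:
    """Parse `iptables -nvL` rule lines into dicts, skipping chain/column headers."""
    rules = []
    for line in output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        rule = m.groupdict()
        mac = MAC_RE.search(rule["extra"])
        dpt = DPT_RE.search(rule["extra"])
        rule["mac"] = mac.group(1).lower() if mac else ""   # "" when no MAC match
        rule["dport"] = dpt.group(1) if dpt else ""         # "" when no dpt match
        rules.append(rule)
    return rules


def dns_block_status(output: str, device_mac: str, resolvers: Set[str]) -> Dict[str, int]:
    """Sum matched packets per resolver over REJECT/DROP rules that match the device's
    MAC and destination port 53. A resolver missing from the result has no such rule."""
    status: Dict[str, int] = {}
    for r in parse_rules(output):
        if r["mac"] != device_mac.lower() or r["dport"] != "53":
            continue
        if r["dst"] in resolvers and r["target"].endswith(("REJECT", "DROP")):
            status[r["dst"]] = status.get(r["dst"], 0) + int(r["pkts"])
    return status
```

The check only covers rules on plain port 53; a device that switches to DNS over HTTPS or TLS (443/853) would not show up in these counters.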