DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Can't filter outgoing data

07 Jun 2019 22:23 #1 by undergrid
Can't filter outgoing data was created by undergrid
I've recently discovered that certain devices on my network ignore the DNS server supplied via DHCP and use Google's 8.8.8.8 or 8.8.4.4 instead. I'm trying to block that (hoping that they'll fall back to the supplied DNS server) but I can't get it to work.

I'm trying to block requests from my DHCP range (192.168.0.11 to 192.168.0.253) to any WAN address on port 53. My rule is below:



When testing, the rule doesn't work and passes on the default rule:



When I change the source port of the request (and nothing else), the test gets blocked by filter set 2 rule 2.



And if I toggle off rule 2 shown above, the request from port 137 passes.

There are no rules allowing UDP port 161 (and I have tested without random source ports) and I've tried changing the IP range to "Any" with the same results. I'm at a loss here; does anyone have any ideas?


08 Jun 2019 00:59 #2 by hornbyp
Replied by hornbyp on topic Re: Can't filter outgoing data

Undergrid wrote:
I'm at a loss here, does anyone have any ideas?


I have a similar set of rules to block access to Google's DNS - though my logic is reversed (with a default DNS block and exceptions for ones I want to allow through).

I have had the same issue - of a firewall rule seemingly being ignored. In the end, I deleted the rule and recreated it, at which point it started working...

You could also try the Telnet IPF command - and see if the rule looks OK, when viewed through that interface.


08 Jun 2019 12:26 #3 by undergrid
Replied by undergrid on topic Re: Can't filter outgoing data
I figured this out.

I switched from Wizard to Advanced mode for editing firewall rules, which gave me an advanced option for the direction setting. When I clicked this it gave me an option to edit the source and destination interfaces the rule applied to, and nothing was selected by default. When I set them properly, the rule started working.

I have no idea why the default options don't seem to apply to any interfaces, especially when there's no indication in the default wizard mode that you can edit that setting, but at least now I can get it working.

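The behaviour described in this thread (an ordered rule table with a default pass, where a block rule that is scoped to no interfaces never matches) is easy to reason about with a small model. The following Python is an added illustration written for this thread, not DrayTek firmware code or the output of the IPF command; the interface names "LAN1" and "WAN1", the rule name "block-wan-dns", the Packet and Rule classes and the test packets are all constructed here. It evaluates the same outbound DNS query to 8.8.8.8 against the rule as the wizard left it (empty interface lists) and against the rule after the source and destination interfaces were set, and also shows that a query to the router's own DNS on the LAN is still passed, which is what lets clients fall back to the DHCP-supplied server.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

# Constructed model of an ordered, first-match firewall rule table with a
# default action. Illustration only; not DrayTek's actual rule engine.

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "udp" or "tcp"
    sport: int
    dport: int
    src_if: str       # interface the packet arrived on (constructed name)
    dst_if: str       # interface it would leave on (constructed name)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                  # "block" or "pass"
    src_ifs: frozenset                           # interfaces the rule covers; empty = none
    dst_ifs: frozenset
    proto: Optional[str] = None                  # None = any protocol
    src_range: Optional[tuple] = None            # inclusive (start, end) addresses
    dport: Optional[int] = None
    sport: Optional[int] = None

def in_range(addr: str, rng: tuple) -> bool:
    lo, hi = (IPv4Address(x) for x in rng)
    return lo <= IPv4Address(addr) <= hi

def matches(rule: Rule, pkt: Packet) -> bool:
    # Interface scope is checked first: a rule scoped to no interfaces can
    # never match, so every packet falls through to the default action.
    if pkt.src_if not in rule.src_ifs or pkt.dst_if not in rule.dst_ifs:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src_range is not None and not in_range(pkt.src, rule.src_range):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    return True

def evaluate(rules: list, pkt: Packet, default: str = "pass") -> tuple:
    """First matching rule wins; otherwise the table's default applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return default, "default"

LAN = frozenset({"LAN1"})
WAN = frozenset({"WAN1"})
DHCP_RANGE = ("192.168.0.11", "192.168.0.253")   # range from the first post

# Rule as the wizard created it: neither interface list populated.
UNSCOPED_DNS_BLOCK = Rule("block-wan-dns", "block", frozenset(), frozenset(),
                          proto="udp", src_range=DHCP_RANGE, dport=53)
# Same rule after the source/destination interfaces were set in advanced mode.
SCOPED_DNS_BLOCK = Rule("block-wan-dns", "block", LAN, WAN,
                        proto="udp", src_range=DHCP_RANGE, dport=53)

# Constructed test traffic: a client querying Google DNS, and the same client
# querying the router's own resolver on the LAN.
TO_GOOGLE = Packet("192.168.0.42", "8.8.8.8", "udp", 50123, 53, "LAN1", "WAN1")
TO_ROUTER = Packet("192.168.0.42", "192.168.0.1", "udp", 50123, 53, "LAN1", "LAN1")

def demo() -> dict:
    return {
        "unscoped rule, query to 8.8.8.8": evaluate([UNSCOPED_DNS_BLOCK], TO_GOOGLE),
        "scoped rule, query to 8.8.8.8":   evaluate([SCOPED_DNS_BLOCK], TO_GOOGLE),
        "scoped rule, query to router":    evaluate([SCOPED_DNS_BLOCK], TO_ROUTER),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The model only covers what the thread discusses. A real deployment also needs a matching rule for TCP port 53 (DNS falls back to TCP for large responses), which in this model is simply a second Rule with proto="tcp"; clients that resolve over DNS-over-HTTPS or DNS-over-TLS are not affected by a port 53 block at all.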