DNS redirection

Looking for a way to force DNS redirection.

In most other firewalls this is an easy rule + NAT to accomplish. It also seems like in NethServer it was able to be accomplished with the CLI by modifying the Shorewall conf.

So in NethSecurity, how would we go about forcing all DNS requests (53) to a new specific dest / internal address?


Forcing DNS redirection is automatically done when Threat Shield DNS or Flashstart are enabled.

Still, a custom rule is not possible from the UI; you need to use LuCI for this.

Or just drop a rule similar to this inside /etc/config/firewall:

config ipset 'ns_flashstart_bypass_lan'
	option name 'ns_flashstart_bypass_lan'
	option enabled '1'
	option family 'inet'
	option match 'net'
	list entry '192.168.7.2'

config redirect 'ns_flashstart_lan'
	option name 'Flashstart-intercept-DNS-from-lan'
	option src 'lan'
	option src_dport '53'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'DNAT'
	option ipset '!ns_flashstart_bypass_lan'
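
A check for hand-edited rules like the one above, added here as an example (not code from the thread or from NethSecurity): it parses firewall config text and reports zones whose port-53 DNAT redirect does not cover both TCP and UDP, and redirects that reference an ipset that is not defined. The `guest` zone, the `guest_dns` rule and `missing_set` are constructed for the sample, and the function names are hypothetical.

```python
import shlex

# Constructed sample: the redirect from the post (trimmed) plus a UDP-only
# rule for a hypothetical 'guest' zone that references an undefined ipset.
SAMPLE = """
config ipset 'ns_flashstart_bypass_lan'
    option name 'ns_flashstart_bypass_lan'
    list entry '192.168.7.2'
config redirect 'ns_flashstart_lan'
    option src 'lan'
    option src_dport '53'
    option proto 'tcp udp'
    option target 'DNAT'
    option ipset '!ns_flashstart_bypass_lan'
config redirect 'guest_dns'
    option src 'guest'
    option src_dport '53'
    option proto 'udp'
    option ipset '!missing_set'
"""

def parse_uci(text):
    """Parse UCI config text into a list of dicts, one per 'config' section."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok and tok[0] == "config":
            sections.append({".type": tok[1], ".name": tok[2] if len(tok) > 2 else ""})
        elif len(tok) == 3 and tok[0] == "option" and sections:
            sections[-1][tok[1]] = tok[2]
        elif len(tok) == 3 and tok[0] == "list" and sections:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit_dns_redirect(text, zones):
    """Return findings: undefined ipsets, and zones missing tcp or udp coverage."""
    sections = parse_uci(text)
    ipsets = {s.get("name") for s in sections if s[".type"] == "ipset"}
    covered, findings = {z: set() for z in zones}, []
    for s in sections:  # target and proto fall back to the OpenWrt defaults
        if (s[".type"] != "redirect" or s.get("target", "DNAT") != "DNAT"
                or s.get("src_dport") != "53" or s.get("enabled", "1") == "0"):
            continue
        covered.setdefault(s.get("src"), set()).update(s.get("proto", "tcp udp").split())
        ref = s.get("ipset", "").lstrip("!").split()
        if ref and ref[0] not in ipsets:
            findings.append(f"{s['.name']}: ipset '{ref[0]}' is not defined")
    findings += [f"{z}: no DNS redirect for {p}" for z in zones
                 for p in ("tcp", "udp") if p not in covered[z]]
    return findings
```

On the firewall, pass the contents of /etc/config/firewall as `text` along with the zone names to check. A port-53 redirect does not cover DNS over TLS (port 853) or DNS over HTTPS (port 443).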