Best and most optimal settings (Voxel & Kamoj)

Yep, I see this post ;)
Rules look fine to me, and if it works, then you know it is fine :)
You probably could simplify them by detecting the port (53 for DNS).
Something like
Code:
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -s ! 192.168.1.2 -d ! 192.168.1.2 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -s ! 192.168.1.2 -d ! 192.168.1.2 -j DNAT --to-destination 192.168.1.2
This would redirect all DNS traffic from LAN to your PiHole, whatever the DNS server.
Where would I place these rules? The /overlay/opt/scripts/firewall-start.sh doesn't let me write to it with Vi.
 
Absolutely, when I vi firewall-start.sh and try to :wq, it gives me a "Write error: Permission denied".
Normally, you wouldn't touch stuff in the /overlay partition directly.
You would just make your modifications in /opt/scripts/firewall-start.sh and let the overlay-fs driver create the file.

Which device are you using?
Is the overlay-fs enabled?

On RBR it isn't by default. And if you then try to create a new file in /overlay/opt/scripts/firewall-start.sh, then that folder would probably not even exist and be read-only.
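The DNS redirect discussed above, written as a script body that can be re-run without stacking duplicate NAT rules (an added example, not part of any post in this thread). It assumes the firmware executes /opt/scripts/firewall-start.sh as a script each time the firewall is rebuilt; `IPT`, `LAN_IF`, `PIHOLE` and the two function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. br0 and 192.168.1.2 are the values
# used in the post; IPT, LAN_IF, PIHOLE and both function names are hypothetical.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-br0}"
PIHOLE="${PIHOLE:-192.168.1.2}"

# Print the match/target part of the redirect rule for one protocol (tcp|udp).
# Negation is written "! -s addr"; the post's "-s ! addr" is the older spelling
# of the same match.
dns_redirect_spec() {
    echo "-i $LAN_IF -p $1 --dport 53 ! -s $PIHOLE ! -d $PIHOLE -j DNAT --to-destination $PIHOLE"
}

# Install the tcp and udp rules so that each ends up in PREROUTING exactly once:
# delete any copies left by an earlier run (bounded loop), then append one.
apply_dns_redirect() {
    for proto in tcp udp; do
        spec=$(dns_redirect_spec "$proto")
        n=0
        # $spec is left unquoted on purpose so it splits into arguments.
        while [ "$n" -lt 10 ] && $IPT -t nat -D PREROUTING $spec 2>/dev/null; do
            n=$((n + 1))
        done
        $IPT -t nat -A PREROUTING $spec || return 1
    done
}

# Apply only when this file is saved and executed as firewall-start.sh
# (assumption: the firmware runs the file rather than sourcing it).
case "$0" in
    *firewall-start.sh) apply_dns_redirect ;;
esac
```

Excluding the Pi-hole's own address as source keeps its upstream lookups from being redirected back to itself.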
 
