Custom script question for redirecting DNS?

[MokaPot]

I'm a bit of a newbie on custom scripts and had a few questions.

I've enabled JFFS custom scripts on the Administration page. My question is when I ssh into the router and go to the jffs/scripts directory, if I want to create iptable rules, do I create a file call "firewall-start" and then add my script there? And the system will run the rules that it find in the /scripts/ folder automatically?

Furthermore, after some searching, I read that iptables has a different syntax on these routers than on other machines. Is the syntax below kosher? I'm trying to solve the issue of devices with hardcoded DNS from by-passing my pihole.

iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -I PREROUTING -i br-lan ! -s 192.168.1.xx -p tcp --dport 53 -j DNAT --to 192.168.1.xx:53
iptables -t nat -I PREROUTING -i br-lan ! -s 192.168.1.xx -p udp --dport 53 -j DNAT --to 192.168.1.xx

 

[ColinTaylor]

This is exactly what the DNSFilter is for in the GUI, use that instead.

 

[MokaPot]

Hmm wouldn't I have to agree to send my data to Trend Micro or something of that sort when I use anything in the AiProtection tab?

And I don't think it lets me redirect all traffic, rather I have to pick out specific devices.

EDIT: I was wrong about the above statement, but if I set the custom DNS server to my pihole (which is also acting as my DHCP server), local hostname resolving will not be affected correct?

 

[RMerlin]

DNSFilter is unrelated to Trend Micro.

 

[ColinTaylor]

EDIT: I was wrong about the above statement, but if I set the custom DNS server to my pihole (which is also acting as my DHCP server), local hostname resolving will not be affected correct?

That depends on how you've configured your PiHole. There was a similar discussion here. Just make sure there is an exception in DNSFilter for the PiHole so you don't end up creating a loop.