Blocking DNS Changes
Region : Australia
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 130617
ISP :
Setting up firewall rules on this router needs some improvement. There are times when you need to configure Allow rules AND Deny rules and it can't be done. For example, I want to have two rules for 4 PCs on my network. The PCs are located between 192.168.1.200 and 192.168.1.203. The two basic rules are:
1. Between the hours of 1500 and 1900 I want to block access to Skype (easy with a deny rule)
2. At all times, packets to and from 208.67.222.222 and 208.67.220.220 on port 53 to be allowed but all other traffic to other sites on port 53 blocked - this prevents these PCs using anything except OpenDNS's DNS servers
If you select the 4300 setting "Deny the packets specified by any enabled access control policy to pass through the Router", then #1 is easy but #2 is impossible.
If you select the 4300 setting "Allow the packets specified by any enabled access control policy to pass through the Router", then #1 is impossible but #2 is easy.
Recommendation to TP-Link. Re-write the Access Control section to be a little more sophisticated than it is. These are pretty basic rules required these days and you can't do them with this router. I do know of ways around this but they are rather ugly.
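The policy the post asks for, written as an ordered first-match rule list that mixes allow and deny actions. This is an added example, not TP-Link firmware code and not part of the original post; the rule format, the `decide` function and the 203.0.113.0/24 stand-in for Skype hosts are assumptions, and only outbound packets from the LAN are modelled.

```python
from datetime import time
from ipaddress import ip_address, ip_network

# Address groups. PCS and OPENDNS come from the post; SKYPE is a
# constructed placeholder (documentation range), not real Skype hosts.
PCS = [ip_network("192.168.1.200/30")]  # covers .200 through .203
OPENDNS = [ip_network("208.67.222.222/32"), ip_network("208.67.220.220/32")]
SKYPE = [ip_network("203.0.113.0/24")]
ANY = [ip_network("0.0.0.0/0")]

# Each rule: (action, sources, destinations, dst_port or None, time window or None).
# Order matters: the first matching rule decides, so the narrow DNS
# allow must sit above the broad port-53 deny.
RULES = [
    ("allow", PCS, OPENDNS, 53, None),
    ("deny", PCS, ANY, 53, None),
    ("deny", PCS, SKYPE, None, (time(15, 0), time(19, 0))),
]
DEFAULT = "allow"  # traffic matching no rule passes


def _in(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(ip_address(addr) in net for net in nets)


def decide(src, dst, dport, now):
    """Return 'allow' or 'deny' for one outbound packet at clock time `now`."""
    for action, srcs, dsts, port, window in RULES:
        if not _in(src, srcs) or not _in(dst, dsts):
            continue
        if port is not None and port != dport:
            continue
        if window is not None and not (window[0] <= now < window[1]):
            continue
        return action
    return DEFAULT


if __name__ == "__main__":
    noon = time(12, 0)
    print(decide("192.168.1.201", "208.67.222.222", 53, noon))  # OpenDNS lookup
    print(decide("192.168.1.201", "8.8.8.8", 53, noon))         # other resolver
```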