Flint 2 AdGuardHome Authentication & Block WAN

wrt · December 12, 2023, 3:07pm

I have the Flint 2 and enabled AdGuardHome but noticed it has no authentication, I tried copying my current AdGuardHome users in the yaml to the config.yaml and still nothing. Is there I can enable it?

#2 problem, I want to block internet access for a camera I have, I want it to still have LAN access just not WAN. When I did the Block in the clients, it blocked LAN/WAN.

admon · December 12, 2023, 3:24pm

Since AGH is a custom integration made by GL.iNet it’s not possible to use the built-in authentication in AGH.

You could, of course - since it’s OpenWrt, modify the AGH authentication; but this is behind of scope of this forum.

You could utilize the firewall within OpenWrt to achieve that.

wrt · December 13, 2023, 1:51am

I figured out how to do it. Install AdGuardHome via the applications.
Set it to up on port 3053 for DNS

Network > Firewall > Port Forwards
Protocol: TCP, UDP
Source zone: lan
External port: 53
Destination zone: lan
Internal IP address: 192.168.8.1 (router IP)
Internal port: 3053

That forwards all DNS from port 53 to 3053 (you can change this to any port)

To block WAN and allow LAN.
Network > Firewall > Traffic Rules
Protocol: TCP, UDP
Source zone: lan
Source address: (select all the IPs you want to block)
Source port: any
Destination zone: wan
Destination address:
Destination port: any
Action: drop

I still think the builtin AdGuardHome should have authentication, otherwise, anyone can login and mess with it.

admon · December 13, 2023, 6:03am

It has since you need to login into GL GUI before.

But I don’t get what you are trying to do. Why do you forward the internal DNS port?

wrt · December 13, 2023, 8:19am

Thank you. Didn’t even realise that. Just tested it out and you are correct. I just assumed it was open since it didn’t ask for authentication.

Without editing the firewall can you block WAN access via the GL UI?

admon · December 13, 2023, 8:22am

Not that I am aware, no.

wrt · December 13, 2023, 8:28am

Thank you. In that case I will go with the Traffic Rules for this. I will look into requesting this as a feature in that case.

I can see a problem with the builtin AdGuardHome. The leases.json doesn’t exist so I need to recreate the DHCP static leases again

wrt · December 14, 2023, 2:44pm

Do this if you use AdGuardHome DHCP Static Leases, if not, you don’t need to worry about it.
After the firmware update, it wiped the leases.json. I removed the builtin AdGuard. Installed it from the Applications.

Turns out if you install from the Application, the leases get deleted as /var is /tmp in OpenWRT.
You can get around it by doing this (i have nano installed, you can use vim)

SSH into Flint 2
mkdir /etc/AdGuardHomeCustom
nano /etc/config/adguardhome

Add this:
option workdir /etc/AdGuardHomeCustom

Exit it
service adguardhome restart

This will now save the working directory to another location which will not get wiped after a reboot.

This is to make sure when you backup Flint 2, it can backup the new AdGuard location

Go to https://192.168.8.1/cgi-bin/luci/admin/system/flash
Click Configuration
Enter /etc/AdGuardHomeCustom in the text box and click Save

If you now do a backup, you can see the folder in there