I am using a cam in my LAN (192.168.0.19). I want to limit traffic from this cam to LAN only. I have two pi-holes as DNS (192.168.0.2, 192.168.0.3).
I already blocked the traffic to WAN with
You didn’t write about netmasks, but it looks like cam and pi-holes are in same LAN, so they are probably communicating directly and rules on router can’t affect that. If they are connected to different ports on router (i.e. not to same external switch), you could do something with bridge filters, but it would probably ruin hw offload for switching. Clean solution is to simply not give pi-holes as dns resolvers to cam and then you won’t need to block anything.
Yes, pihole and cam are in the same network.
Good idea… but how can I change the DNS resolver only for the cam to the router and then block DNS requests / traffic to WAN in the firewall?
DNS is now set in DHCP Server → Network … for all devices.
Take your current entry for 192.168.0.0/24 in IP->DHCP Server->Networks, make a copy, change its Address to 192.168.0.19/32 (I assume you have static reservation for cam, create it if not), remove existing DNS servers, check No DNS option and set Netmask to 24 (or whatever the network has, but 24 is most likely).
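The steps from the last reply written as RouterOS CLI commands, as an added example that is not part of the original thread. The MAC address, the DHCP server name `dhcp1` and the gateway `192.168.0.1` are placeholders and assumptions; take the real values from your existing lease and from your 192.168.0.0/24 network entry.

```routeros
# Added example, not from the thread.
# Placeholders / assumptions: MAC address, server name "dhcp1", gateway 192.168.0.1.

# 1. Static reservation so the cam always receives 192.168.0.19.
#    Skip this if a static lease for the cam already exists.
/ip dhcp-server lease
add address=192.168.0.19 mac-address=AA:BB:CC:DD:EE:FF server=dhcp1 comment="cam"

# 2. Host-specific DHCP network entry for the cam only.
#    Same gateway as the 192.168.0.0/24 entry, but with no DNS servers listed,
#    the "No DNS" option set (dns-none=yes) and the netmask forced to 24 so the
#    cam still sees the whole LAN as on-link.
/ip dhcp-server network
add address=192.168.0.19/32 gateway=192.168.0.1 netmask=24 dns-none=yes comment="cam: no DNS"

# 3. Confirm that the new entry exists and carries no dns-server value.
/ip dhcp-server network print detail where address=192.168.0.19/32
```

The cam only receives the new options when it renews its DHCP lease, so reboot it or wait for the lease to expire before checking the result.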