An inbound only DNS forwarding rule would be pointless. All DNS queries should be originating from within the network.
EDIT
I think I see what you're getting at. Assuming that the firewall is running on the NAS vs on the router.
The OP doesn't specify, but I would assume the firewall rule would be on the router, as that makes the most sense to force all DNS requests on the network to go through the pihole.
As someone who took the plunge years ago, you just have to accept that some programs will just be unusable. There are likely alternatives, though very few will be 'drop in' replacements so to speak. So there will be a learning curve.
It's the price you pay to have full control of your system. As time goes on, it gets easier.
On one hand, I get it. You're used to Windows and want to use an environment you're used to and apps you're comfortable with.
On the other, you need to be aware that you're going to be constantly fighting an uphill battle. Microsoft doesn't care that you don't want those programs using resources, they're going to install them because it's in the best interest of their shareholders. The programs might be able to be removed using third party tools, but then you're relying on random tools found on the internet to remove bits of your operating system without hurting anything or doing anything malicious.
The data these programs gather is more valuable to Microsoft than the blowback because this is the exact stance people will take: sure it sucks that this is being forced upon me, but it's still better than leaving. So I'll either deal with it (99% if users are here) or ill find a random program and cross my fingers it does only what's on the label.
The only solution I see is to swap to something else, causing Microsoft to lose market share and thereby convincing shareholders not to force this on users.
The choice is yours.
I agree.
So the solution, OP, is to set the DNS settings on your NAS to your router's internal IP so the firewall can redirect the traffic to your new port.
I don't think anyone is advocating for turning a blind eye to Mozilla. I think the argument being made is that a monoculture for browsers is a concern that can outweigh some blunders Mozilla makes.
I'm old enough to remember what a shit show ActiveX was for web security.
Never ask a company to pick between the right thing and profit.
It's fundamentally impossible for a publicly traded company not to choose profit over 'The Right Thing', fullstop. Shareholders feel that have a fundamental right to growth, and if Google's CEO were to choose 'The Right Thing' over profit, the shareholders can oust them in favor of a CEO willing to choose profits.
Enshittification is where every public company ends up, because the line MUST go up, no other alternative is acceptable.
I can't help but see it as the foot in the door.
I understand that Mozilla needs money, but I can't make everyone who uses Firefox commit to donating money to keep them from having to do things like this to stay afloat. But them going down this path makes me not want to donate at all.
I never said I was, just that I wanted to support the browser that respects my privacy, and this move is making me reconsider it.
As long as it's open source someone will be able to find a way to turn it off, either by an addon or by patching and compiling the source code.
IMO, that's splitting a hair.
For a browser that supposedly respects user privacy, the fact that this is opt-out rather than opt-in really leaves a bad taste in my mouth.
I'm going to reconsider my monthly recurring donation to Mozilla, especially if they keep this up.
Even if law enforcement can get a warrant, unless there's a backdoor in the encryption then the data stays private. That's the whole point of encryption.
The fundamental problem is law enforcement feeling entitled to snoop on private communications with a warrant vs the inherent security flaw with making a backdoor in encrypted communications. The backdoor will eventually get exploited, either by reverse engineering/tinkering or someone leaking keys, and then encryption becomes useless. The only way encryption works is if the data can only be decrypted by one key.
Anyone else remember when TSA published a picture of the master key set for TSA approved luggage locks and people had modeled and printed replicas within hours?
In a system rigged to support one party over another.
I work for an ISP in the southeast USA as a field technician and it's dirty work sometimes. Fixing rodent damage to fiber connection boxes for businesses, placing temporary cables when underground lines get cut, working in dusty equipment closets, etc.
It's not bad or hard work most days.