unifios-utilities/nextdns/udm-files/on_boot.sh

#!/bin/sh

mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist  /etc/cni/net.d/20-dns.conflist

# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link set br5 promisc on

ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
ip link set br5.mac promisc on
ip link set br5.mac up

ip route add 10.0.5.3/32 dev br5.mac

# Remove the # on the line below when Docker container is deployed.
#podman start nextdns

# optional if you dont want to force everything through nextdns. also add anymore bridges for other networks (br5, 10 etc), un comment if you want to use them
# iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0  -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0  -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE
Next DNS 2020-06-05 03:50:14 +00:00			`#!/bin/sh`

			`mkdir -p /opt/cni`
			`ln -s /mnt/data/podman/cni/ /opt/cni/bin`
			`ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist`

			`# Assumes your Podman network made in the controller is on VLAN 5`
			`# Adjust the IP to match the address in your cni configuration`
Add promisc to on_boot.sh 2020-06-13 08:58:29 +00:00			`ip link set br5 promisc on`
Update method for macvlan, reducing IP clutter 2020-06-17 14:02:49 +00:00
			`ip link add br5.mac link br5 type macvlan mode bridge`
			`ip addr add 10.0.5.1/24 dev br5.mac noprefixroute`
Add promisc to on_boot.sh 2020-06-13 08:58:29 +00:00			`ip link set br5.mac promisc on`
Next DNS 2020-06-05 03:50:14 +00:00			`ip link set br5.mac up`
Update method for macvlan, reducing IP clutter 2020-06-17 14:02:49 +00:00
			`ip route add 10.0.5.3/32 dev br5.mac`

Cleaning up directions on container starts 2020-06-14 15:47:56 +00:00			`# Remove the # on the line below when Docker container is deployed.`
			`#podman start nextdns`
Final NextDNS changes 2020-06-05 04:46:20 +00:00
Removing iptables DNAT by default. 2020-06-14 16:30:44 +00:00			`# optional if you dont want to force everything through nextdns. also add anymore bridges for other networks (br5, 10 etc), un comment if you want to use them`
			`# iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 \|\| iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3`
			`# iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 \|\| iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3`
			`# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE \|\| iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE`
			`# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE \|\| iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE`