Mirrored_Repos/unifios-utilities
1
0
Fork 0
mirror of https://github.com/unifi-utilities/unifios-utilities.git synced 2024-08-30 18:32:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 10-dns.sh

Browse Source 
Removing use masq rules that cause more issues, script cleanup
This commit is contained in:
John D 2020-07-19 22:01:54 -07:00 committed by GitHub
parent 227c01005f
commit 49e3dccf14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
dns-common/on_boot.d/10-dns.sh
View File

@ -29,13 +29,13 @@ CONTAINER=nextdns
## network configuration and startup: ## network configuration and startup:
CNI_PATH=/mnt/data/podman/cni CNI_PATH=/mnt/data/podman/cni
if [ ! -f "$CNI_PATH"/macvlan ] if [ ! -f "$CNI_PATH"/macvlan ]; then
then
mkdir -p $CNI_PATH mkdir -p $CNI_PATH
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz | tar -xz -C $CNI_PATH curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz | tar -xz -C $CNI_PATH
fi fi
mkdir -p /opt/cni mkdir -p /opt/cni
rm -f /opt/cni/bin
ln -s $CNI_PATH /opt/cni/bin ln -s $CNI_PATH /opt/cni/bin
for file in "$CNI_PATH"/*.conflist for file in "$CNI_PATH"/*.conflist
@ -81,17 +81,11 @@ for intfc in ${FORCED_INTFC}; do
for proto in udp tcp; do for proto in udp tcp; do
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}" prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule} iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE"
iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule}
# (optional) IPv6 force DNS (TCP/UDP 53) through DNS container # (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
if [ -n "${IPV6_IP}" ]; then if [ -n "${IPV6_IP}" ]; then
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}" prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule} ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE"
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
fi fi
done done
fi fi