luci-app-passwall: sync upstream

last commit: c75cb867c3

luci-app-passwall/root/usr/share/passwall/iptables.sh

@@ -698,8 +698,17 @@ filter_node() {
 }
 
 dns_hijack() {
-	$ipt_n -I PSW -p udp --dport 53 -j REDIRECT --to-ports 53
-	echolog "强制转发本机DNS端口 UDP/53 的请求[$?]"
+	[ $(config_t_get global dns_redirect "0") = "1" ] && {
+		$ipt_m -A PSW -p udp --dport 53 -j RETURN
+		$ipt_m -A PSW -p tcp --dport 53 -j RETURN
+		$ip6t_m -A PSW -p udp --dport 53 -j RETURN
+		$ip6t_m -A PSW -p tcp --dport 53 -j RETURN
+		$ipt_n -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
+		$ipt_n -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
+		$ip6t_n -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
+		$ip6t_n -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
+		echolog "  - 开启 DNS 重定向"
+	}
 }
 
 add_firewall_rule() {
@@ -1121,17 +1130,7 @@ add_firewall_rule() {
 		$ip6t_m -I OUTPUT $(comment "mangle-OUTPUT-PSW") -o lo -j RETURN
 		insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -m mark --mark 1 -j RETURN"
 
-		[ $(config_t_get global dns_redirect "0") = "1" ] && {
-			$ipt_m -A PSW -p udp --dport 53 -j RETURN
-			$ipt_m -A PSW -p tcp --dport 53 -j RETURN
-			$ip6t_m -A PSW -p udp --dport 53 -j RETURN
-			$ip6t_m -A PSW -p tcp --dport 53 -j RETURN
-			$ipt_n -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
-			$ipt_n -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
-			$ip6t_n -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
-			$ip6t_n -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
-			echolog "  - 开启 DNS 重定向"
-		}
+		dns_hijack
 
 	}