From 9b59c1e4af38195935c52b2378d18c70ba8dccb2 Mon Sep 17 00:00:00 2001
From: actions
Date: Fri, 26 Jul 2024 21:00:07 +0800
Subject: [PATCH] luci-app-passwall: sync upstream last commit: https://github.com/xiaorouji/openwrt-passwall/commit/454aafd5b2a19a3379aa3fbcf4cfb3d2fa5ebb01
---
 luci-app-passwall/root/usr/share/passwall/iptables.sh | 5 ++++-
 luci-app-passwall/root/usr/share/passwall/nftables.sh | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh
index 93ec84c12..beb469d8b 100755
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -1112,12 +1112,15 @@ add_firewall_rule() {
 insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -m mark --mark 1 -j RETURN"
 [ $(config_t_get global dns_redirect "0") = "1" ] && {
- $ipt_m -A PSW -p udp --dport 53 -j RETURN
+ $ipt_m -A PSW -p udp --dport 53 -j RETURN
+ $ipt_m -A PSW -p tcp --dport 53 -j RETURN
 $ip6t_m -A PSW -p udp --dport 53 -j RETURN
+ $ip6t_m -A PSW -p tcp --dport 53 -j RETURN
 $ipt_n -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
 $ipt_n -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
 $ip6t_n -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
 $ip6t_n -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
+ echolog " - 开启 DNS 重定向"
 }
 }
diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh
index 9281f4116..9ea91502a 100755
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
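Review bot: The added `echolog " - 开启 DNS 重定向"` in the iptables.sh hunk runs unconditionally, but the four `-I PREROUTING ... -j REDIRECT` inserts just above it discard their errors with `2>/dev/null`, so the log can report DNS redirection as enabled when an insert failed (for instance where the IPv6 nat table is unavailable). That matters more after this change, because the new `-p tcp --dport 53 -j RETURN` rules take TCP DNS out of the `PSW` mangle chain as well, so a missing redirect would presumably let those queries leave without passing either the proxy or the local resolver. I would track the result, e.g. append `|| dns_redirect_ok=0` to each insert, log success only when the flag stayed set, and log a warning otherwise. The same pattern is in the nftables.sh hunk (`nft insert rule ... redirect to :53 ... 2>/dev/null` followed by the same `echolog`). `add_firewall_rule` starts outside the hunk.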
@@ -1155,14 +1155,17 @@ add_firewall_rule() {
 nft "add rule inet fw4 mangle_output meta mark 1 counter return comment \"PSW_OUTPUT_MANGLE\""
 [ $(config_t_get global dns_redirect "0") = "1" ] && {
- nft "add rule inet fw4 PSW_MANGLE ip protocol udp udp dport 53 counter return"
+ nft "add rule inet fw4 PSW_MANGLE ip protocol udp udp dport 53 counter return"
+ nft "add rule inet fw4 PSW_MANGLE ip protocol tcp tcp dport 53 counter return"
 nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp udp dport 53 counter return"
+ nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp tcp dport 53 counter return"
 nft insert rule inet fw4 dstnat position 0 tcp dport 53 counter redirect to :53 comment \"PSW_DNS_Hijack\" 2>/dev/null
 nft insert rule inet fw4 dstnat position 0 udp dport 53 counter redirect to :53 comment \"PSW_DNS_Hijack\" 2>/dev/null
 nft insert rule inet fw4 dstnat position 0 meta nfproto {ipv6} tcp dport 53 counter redirect to :53 comment \"PSW_DNS_Hijack\" 2>/dev/null
 nft insert rule inet fw4 dstnat position 0 meta nfproto {ipv6} udp dport 53 counter redirect to :53 comment \"PSW_DNS_Hijack\" 2>/dev/null
 uci -q set dhcp.@dnsmasq[0].dns_redirect='0' 2>/dev/null
 uci commit dhcp 2>/dev/null
+ echolog " - 开启 DNS 重定向"
 }
 }
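Review bot: The new log line in this hunk mentions only the redirect, while the same branch also persists `dhcp.@dnsmasq[0].dns_redirect='0'` through `uci commit dhcp`, both with errors suppressed, so a lasting change to the dnsmasq configuration leaves no trace in the log. A short comment above the `uci` lines saying why dnsmasq's own option is switched off here, e.g. `# dnsmasq's own dns_redirect would overlap with the PSW_DNS_Hijack rules; turn it off` (wording to be confirmed by the author), together with a log entry for the config change, would make this auditable. Whether the value is restored when the rules are removed is not visible in this hunk, and `add_firewall_rule` begins outside it.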