zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall: sync upstream

Browse Source 
last commit: 454aafd5b2
This commit is contained in:
actions 2024-07-26 21:00:07 +08:00
parent 250d812fd9
commit 9b59c1e4af
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -1113,11 +1113,14 @@ add_firewall_rule() {
[ $(config_t_get global dns_redirect "0") = "1" ] && {
$ipt_m -A PSW -p udp --dport 53 -j RETURN
$ipt_m -A PSW -p tcp --dport 53 -j RETURN
$ip6t_m -A PSW -p udp --dport 53 -j RETURN
$ip6t_m -A PSW -p tcp --dport 53 -j RETURN
$ipt_n -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
$ipt_n -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
$ip6t_n -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
$ip6t_n -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "PSW_DNS_Hijack" 2>/dev/null
echolog " - 开启 DNS 重定向"
}
}

3
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -1156,13 +1156,16 @@ add_firewall_rule() {
[ $(config_t_get global dns_redirect "0") = "1" ] && {
nft "add rule inet fw4 PSW_MANGLE ip protocol udp udp dport 53 counter return"
nft "add rule inet fw4 PSW_MANGLE ip protocol tcp tcp dport 53 counter return"
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp udp dport 53 counter return"
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp tcp dport 53 counter return"
nft insert rule inet fw4 dstnat position 0 tcp dport 53 counter redirect to :53 comment \"PSW_DNS_Hijack\" 2>/dev/null
nft insert rule inet fw4 dstnat position 0 udp dport 53 counter redirect to :53 comment \"PSW_DNS_Hijack\" 2>/dev/null
nft insert rule inet fw4 dstnat position 0 meta nfproto {ipv6} tcp dport 53 counter redirect to :53 comment \"PSW_DNS_Hijack\" 2>/dev/null
nft insert rule inet fw4 dstnat position 0 meta nfproto {ipv6} udp dport 53 counter redirect to :53 comment \"PSW_DNS_Hijack\" 2>/dev/null
uci -q set dhcp.@dnsmasq[0].dns_redirect='0' 2>/dev/null
uci commit dhcp 2>/dev/null
echolog " - 开启 DNS 重定向"
}
}