[PATCH 21.02 2/2] dnsmasq: add config option for connmark DNS filtering
Etan Kissling
etan.kissling at gmail.com
Sat Jun 26 08:05:30 PDT 2021
This adds uci support to configure connmark based DNS filtering.
Signed-off-by: Etan Kissling <etan_kissling at apple.com>
(cherry picked from commit dea4bae7c2b963af02e1e3e3bdb5cd656a5ea3d3)
Signed-off-by: Etan Kissling <etan.kissling at gmail.com>
---
package/network/services/dnsmasq/files/dnsmasq.init | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 680e72f9e7..b46988f068 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -172,6 +172,10 @@ append_ipset() {
xappend "--ipset=$1"
}
+append_connmark_allowlist() {
+ xappend "--connmark-allowlist=$1"
+}
+
append_interface() {
network_get_device ifname "$1" || ifname="$1"
xappend "--interface=$ifname"
@@ -913,6 +917,14 @@ dnsmasq_start()
config_list_foreach "$cfg" "rev_server" append_rev_server
config_list_foreach "$cfg" "address" append_address
config_list_foreach "$cfg" "ipset" append_ipset
+
+ local connmark_allowlist_enable
+ config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
+ [ "$connmark_allowlist_enable" -gt 0 ] && {
+ append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable"
+ config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist
+ }
+
[ -n "$BOOT" ] || {
config_list_foreach "$cfg" "interface" append_interface
config_list_foreach "$cfg" "notinterface" append_notinterface
--
2.30.1 (Apple Git-130)
More information about the openwrt-devel
mailing list