qusal/salt/sys-wireguard/files/server/vpn/dns-hijack.nft

#!/usr/sbin/nft -f
# vim: ft=nftables
# SPDX-FileCopyrightText: 2022 unman <unman@thirdeyesecurity.org>
# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
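# Per-qube definitions. This file expects it to define $qube_ip, the address
# downstream qubes direct their DNS queries to (the variable is used below but
# never defined here -- confirm the name against /rw/config/vpn/qube-ip.nft).
include /rw/config/vpn/qube-ip.nft

# Resolvers that are only reachable through the tunnel. DNS from downstream
# qubes is rewritten to these so that queries never reach the uplink resolver.
define vpn_dns_primary = 10.8.0.1
define vpn_dns_secondary = 10.14.0.1

# Fail closed: nothing is forwarded unless a later rule explicitly accepts it.
# NOTE(review): the single quotes around the braces are the interactive `nft`
# CLI form; in an `nft -f` script the braces are normally written bare.
# Confirm this file parses as-is -- a parse error aborts the whole batch, so
# none of the rules below would be installed.
chain ip qubes forward '{ policy drop; }'

# Leak prevention: refuse to forward anything to or from interface group 1
# (this file assumes Qubes' layout, uplink = group 1, downstream vifs =
# group 2). Forwarded traffic must therefore leave through the tunnel
# interface, which is in neither group. `insert` places these two drops ahead
# of every rule already present in custom-forward.
insert rule ip qubes custom-forward oifgroup 1 drop
insert rule ip qubes custom-forward iifgroup 1 drop

# Discard the DNS redirection the Qubes firewall installed and replace it
# below. The ip6 chain is emptied and left empty: this file redirects no IPv6
# DNS at all. Whatever resolver addresses the stock rules matched are no
# longer rewritten after this flush -- if downstream qubes use a resolver
# address other than $qube_ip, their queries are no longer captured.
flush chain ip qubes dnat-dns
flush chain ip6 qubes dnat-dns

# Redirect port-53 traffic arriving from downstream qubes (group 2) and
# addressed to this qube into the tunnel resolvers. One rule per protocol is
# all that can ever fire: `dnat` terminates evaluation, so a second rule with
# the same match is dead. TCP is sent to the primary and UDP to the secondary
# resolver; if both resolvers were meant to serve both protocols, that needs
# distinct matches (for example separate destination addresses), not another
# rule with an identical match.
add rule ip qubes dnat-dns iifgroup 2 ip daddr $qube_ip tcp dport 53 counter dnat to $vpn_dns_primary
add rule ip qubes dnat-dns iifgroup 2 ip daddr $qube_ip udp dport 53 counter dnat to $vpn_dns_secondary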