Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-12-15 10:54:25 -05:00
Code Issues Packages Projects Releases Wiki Activity
5eebd789ed
qusal/salt/sys-wireguard/files/server/vpn/dns-hijack.nft
Ben Grande 5eebd789ed refactor: initial commit
2023-11-13 14:33:28 +00:00

25 lines
916 B
Plaintext
Executable File
Raw Blame History

#!/usr/bin/nft -f
# vim: ft=nftables
# SPDX-FileCopyrightText: 2022 unman <unman@thirdeyesecurity.com>
# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
include /rw/config/vpn/qubes-ip.nft
define vpn_dns1 = 10.8.0.1
define vpn_dns2 = 10.14.0.1
chain ip qubes forward '{ policy drop; }'
insert rule ip qubes custom-forward oifgroup 1 drop
insert rule ip qubes custom-forward iifgroup 1 drop
flush chain ip qubes dnat-dns
flush chain ip6 qubes dnat-dns
add rule ip qubes dnat-dns iifgroup 2 ip daddr $qubes_ip tcp dport 53 counter dnat to $vpn_dns1
add rule ip qubes dnat-dns iifgroup 2 ip daddr $qubes_ip tcp dport 53 counter dnat to $vpn_dns1
add rule ip qubes dnat-dns iifgroup 2 ip daddr $qubes_ip udp dport 53 counter dnat to $vpn_dns2
add rule ip qubes dnat-dns iifgroup 2 ip daddr $qubes_ip udp dport 53 counter dnat to $vpn_dns2
Reference in New Issue View Git Blame Copy Permalink