From dea4bae7c2b963af02e1e3e3bdb5cd656a5ea3d3 Mon Sep 17 00:00:00 2001 From: Etan Kissling Date: Sat, 26 Jun 2021 12:11:49 +0000 Subject: [PATCH] dnsmasq: add config option for connmark DNS filtering This adds uci support to configure connmark based DNS filtering. Signed-off-by: Etan Kissling (See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html) Signed-off-by: Etan Kissling --- package/network/services/dnsmasq/files/dnsmasq.init | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 44e7d2d4f90..3e06218a430 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -172,6 +172,10 @@ append_ipset() { xappend "--ipset=$1" } +append_connmark_allowlist() { + xappend "--connmark-allowlist=$1" +} + append_interface() { network_get_device ifname "$1" || ifname="$1" xappend "--interface=$ifname" @@ -913,6 +917,14 @@ dnsmasq_start() config_list_foreach "$cfg" "rev_server" append_rev_server config_list_foreach "$cfg" "address" append_address config_list_foreach "$cfg" "ipset" append_ipset + + local connmark_allowlist_enable + config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0 + [ "$connmark_allowlist_enable" -gt 0 ] && { + append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable" + config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist + } + [ -n "$BOOT" ] || { config_list_foreach "$cfg" "interface" append_interface config_list_foreach "$cfg" "notinterface" append_notinterface -- 2.30.2