feat(fw4/post): improve dns hihack

only hijack dns traffic from specified interfaces if listen_interfaces is set. Signed-off-by: Tianling Shen <[email protected]>
immortalwrt · Dec 14, 2024 · 856f09d · 856f09d
1 parent 32bf79f
commit 856f09d
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/root/etc/homeproxy/scripts/firewall_post.ut b/root/etc/homeproxy/scripts/firewall_post.ut
@@ -254,6 +254,9 @@ set homeproxy_routing_port {
 {# DNS hijack & TCP redirect #}
 chain dstnat {
 {% if (dns_hijacked !== '1'): %}
+	{% if (control_info.listen_interfaces): %}
+	meta iifname {{ array_to_nftarr(control_info.listen_interfaces) }}
+	{%- endif /* listen_interfaces */ %}
 	meta nfproto { ipv4, ipv6 } udp dport 53 counter redirect to :{{ dns_port }} comment "!{{ cfgname }}: DNS hijack"
 {% endif /* dns_hijacked */ %}
 {% if (match(proxy_mode, /redirect/)): %}