aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
diff options
context:
space:
mode:
authorEtan Kissling <etan.kissling@gmail.com>2021-09-09 05:43:31 +0000
committerHans Dedecker <dedeckeh@gmail.com>2021-09-14 20:56:20 +0200
commit02a2b44eabf607fb5405ff0d7da4ad0748d3e1b1 (patch)
tree6428d7cc0a815f80b08a41737a1c113d45d2a681 /package/network/services
parentd2d0044ebf01b71f63cde609e09f6ac68cdfeccb (diff)
downloadupstream-02a2b44eabf607fb5405ff0d7da4ad0748d3e1b1.tar.gz
upstream-02a2b44eabf607fb5405ff0d7da4ad0748d3e1b1.tar.bz2
upstream-02a2b44eabf607fb5405ff0d7da4ad0748d3e1b1.zip
dnsmasq: add config option for connmark DNS filtering
This adds uci support to configure connmark based DNS filtering. Signed-off-by: Etan Kissling <etan_kissling@apple.com> (imported from upstream mailing list https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html) Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
Diffstat (limited to 'package/network/services')
-rw-r--r--package/network/services/dnsmasq/files/dnsmasq.init12
1 files changed, 12 insertions, 0 deletions
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 205bfb4cf6..9748c09b8e 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -173,6 +173,10 @@ append_ipset() {
xappend "--ipset=$1"
}
+append_connmark_allowlist() {
+ xappend "--connmark-allowlist=$1"
+}
+
append_interface() {
network_get_device ifname "$1" || ifname="$1"
xappend "--interface=$ifname"
@@ -938,6 +942,14 @@ dnsmasq_start()
config_list_foreach "$cfg" "rev_server" append_rev_server
config_list_foreach "$cfg" "address" append_address
config_list_foreach "$cfg" "ipset" append_ipset
+
+ local connmark_allowlist_enable
+ config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
+ [ "$connmark_allowlist_enable" -gt 0 ] && {
+ append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable"
+ config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist
+ }
+
[ -n "$BOOT" ] || {
config_list_foreach "$cfg" "interface" append_interface
config_list_foreach "$cfg" "notinterface" append_notinterface