From 8a949c77b3676280672aa5da6f0524fac183e7f5 Mon Sep 17 00:00:00 2001
From: Dengfeng Liu
Date: Fri, 27 Sep 2024 14:53:19 +0800
Subject: [PATCH] improve: dns firewall rule

Signed-off-by: Dengfeng Liu
---
 src/fw4_nft.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/fw4_nft.c b/src/fw4_nft.c
index 25a80a95..59c28756 100644
--- a/src/fw4_nft.c
+++ b/src/fw4_nft.c
@@ -112,13 +112,13 @@ const char *nft_wifidogx_init_script[] = {
 };
 
 const char *nft_wifidogx_dhcp_pass_script[] = {
- "insert rule inet fw4 forward_wifidogx_unknown udp dport 67 accept",
- "insert rule inet fw4 forward_wifidogx_unknown tcp dport 67 accept",
+ "insert rule inet fw4 forward_wifidogx_unknown udp dport 67 counter accept",
+ "insert rule inet fw4 forward_wifidogx_unknown tcp dport 67 counter accept",
 };
 
 const char *nft_wifidogx_dns_pass_script[] = {
- "insert rule inet fw4 forward_wifidogx_unknown udp dport 53 accept",
- "insert rule inet fw4 forward_wifidogx_unknown tcp dport 53 accept",
+ "insert rule inet fw4 forward_wifidogx_unknown udp dport 53 counter accept",
+ "insert rule inet fw4 forward_wifidogx_unknown tcp dport 53 counter reject",
 };
 
 const char *nft_wifidogx_dhcp_redirect_script[] = {
@@ -128,7 +128,7 @@ const char *nft_wifidogx_dhcp_redirect_script[] = {
 
 const char *nft_wifidogx_dns_redirect_script[] = {
 "add rule inet wifidogx prerouting iifname $interface$ udp dport 53 counter redirect to " DNS_FORWARD_PORT_STR,
- "add rule inet wifidogx prerouting iifname $interface$ tcp dport 53 counter redirect to " DNS_FORWARD_PORT_STR,
+ "add rule inet wifidogx prerouting iifname $interface$ tcp dport 53 counter reject",
 };
 
 static void
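Review bot: In `nft_wifidogx_dns_pass_script` the new `tcp dport 53 counter reject` sits in an array whose name still says "pass", and nothing records why TCP is refused while UDP is accepted. Refusing TCP/53 also removes the fallback a resolver uses when a UDP answer is truncated, so unauthenticated clients may fail on large responses; a comment such as `/* TCP DNS is refused for unauthenticated clients; only UDP/53 is passed */` above the rule would make the intent reviewable. The UDP rule still accepts port 53 to any destination, so if the aim is to tighten pre-authentication DNS, consider also matching the resolver's address (the chain `forward_wifidogx_unknown` is defined outside this hunk and may already constrain this). The `tcp dport 67 counter accept` line in `nft_wifidogx_dhcp_pass_script` looks unnecessary, since DHCP normally runs over UDP only.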
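Review bot: The new `tcp dport 53 counter reject` in `nft_wifidogx_dns_redirect_script` is added to `inet wifidogx prerouting`, which also carries `redirect` rules and so is presumably a nat-type prerouting chain (its definition is outside the hunk). `reject` at the prerouting hook is only accepted by newer kernels (around Linux 5.9, worth confirming for the supported targets); on older ones `nft` would refuse the rule, leaving TCP/53 neither redirected nor rejected here. The rule matches on `iifname $interface$` alone, so it appears to refuse DNS over TCP for authenticated clients too, not only unknown ones. If that is intended, a comment such as `/* DNS over TCP is not proxied; refuse it so clients fall back to UDP */` would help, and the code that loads this script (not visible here) should check the `nft` result.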