iptables rules to remap DNS server

This commit is contained in:
Vladimir Avtsenov 2024-08-24 21:26:49 +03:00
parent 3b473565e2
commit 25b3c678f3
4 changed files with 62 additions and 7 deletions


@ -5,7 +5,7 @@ Better implementation of [KVAS](https://github.com/qzeleza/kvas)
Roadmap: Roadmap:
- [x] DNS Proxy - [x] DNS Proxy
- [x] DNS Records table - [x] DNS Records table
- [ ] IPTables rules to remap DNS server [1] - [x] IPTables rules to remap DNS server [1]
- [ ] Rule composer - [ ] Rule composer
- [ ] List loading/watching (temporary) - [ ] List loading/watching (temporary)
- [ ] IPSet integration - [ ] IPSet integration


@ -3,6 +3,7 @@ package dnsProxy
import ( import (
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"github.com/coreos/go-iptables/iptables"
"log" "log"
"net" "net"
"time" "time"
@ -23,7 +24,23 @@ type DNSProxy struct {
} }
func (p DNSProxy) Close() error { func (p DNSProxy) Close() error {
return p.udpConn.Close() ipt, err := iptables.New()
if err != nil {
log.Fatalf("iptables init fail: %v", err)
}
err = ipt.DeleteIfExists("nat", "PREROUTING", "-j", "KVAS2_DNSOVERRIDE")
if err != nil {
log.Fatalf("failed to attaching chain: %v", err)
}
err = ipt.ClearAndDeleteChain("nat", "KVAS2_DNSOVERRIDE")
if err != nil {
log.Fatalf("failed to delete chain: %v", err)
}
return nil
//return p.udpConn.Close()
} }
func (p DNSProxy) sendToUpstream(isTCP bool, request []byte) ([]byte, error) { func (p DNSProxy) sendToUpstream(isTCP bool, request []byte) ([]byte, error) {
@ -90,6 +107,26 @@ func (p DNSProxy) handleDNSRequest(clientAddr *net.UDPAddr, buffer []byte) {
func (p DNSProxy) Listen() error { func (p DNSProxy) Listen() error {
var err error var err error
ipt, err := iptables.New()
if err != nil {
log.Fatalf("iptables init fail: %v", err)
}
err = ipt.ClearChain("nat", "KVAS2_DNSOVERRIDE")
if err != nil {
log.Fatalf("failed to clean chain: %v", err)
}
err = ipt.AppendUnique("nat", "KVAS2_DNSOVERRIDE", "-p", "udp", "--dport", "53", "-j", "REDIRECT", "--to-port", "7548")
if err != nil {
log.Fatalf("failed to create rule: %v", err)
}
err = ipt.InsertUnique("nat", "PREROUTING", 1, "-j", "KVAS2_DNSOVERRIDE")
if err != nil {
log.Fatalf("failed to attaching chain: %v", err)
}
udpAddr, err := net.ResolveUDPAddr("udp", p.listenAddr) udpAddr, err := net.ResolveUDPAddr("udp", p.listenAddr)
if err != nil { if err != nil {
return fmt.Errorf("failed to resolve UDP address: %v", err) return fmt.Errorf("failed to resolve UDP address: %v", err)
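Review bot: Close() no longer closes the UDP socket — the original `return p.udpConn.Close()` is left commented out at the end of the new body, so every Close leaks the listener while only the iptables state is torn down. Both Close() and the new prologue of Listen() also call `log.Fatalf` on iptables failures, which exits the process from inside a library method (bypassing the caller's cleanup) and, in Close, can abort mid-teardown with the PREROUTING jump removed but the KVAS2_DNSOVERRIDE chain still present; returning wrapped errors and letting main decide is the usual shape, as in the rewrite below (it needs the `errors` package imported). Two smaller points on the Listen hunk: the REDIRECT target `--to-port "7548"` is hardcoded while the proxy binds `p.listenAddr`, so the two can silently diverge — derive the port from `p.listenAddr` (e.g. via `net.SplitHostPort`) — and the rule matches only `-p udp --dport 53`, so DNS over TCP port 53 passes PREROUTING untouched and bypasses the override; if the proxy serves TCP, add the matching `-p tcp` rule. Listen()'s body continues past the end of the hunk.
```go
func (p DNSProxy) Close() error {
	var errs []error
	ipt, err := iptables.New()
	if err != nil {
		errs = append(errs, fmt.Errorf("iptables init: %w", err))
	} else {
		if err := ipt.DeleteIfExists("nat", "PREROUTING", "-j", "KVAS2_DNSOVERRIDE"); err != nil {
			errs = append(errs, fmt.Errorf("detaching chain: %w", err))
		}
		if err := ipt.ClearAndDeleteChain("nat", "KVAS2_DNSOVERRIDE"); err != nil {
			errs = append(errs, fmt.Errorf("deleting chain: %w", err))
		}
	}
	// Always release the socket, even if the iptables teardown failed.
	if err := p.udpConn.Close(); err != nil {
		errs = append(errs, fmt.Errorf("closing udp listener: %w", err))
	}
	return errors.Join(errs...)
}
```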

2
go.mod

@ -1,3 +1,5 @@
module kvas2-go module kvas2-go
go 1.21 go 1.21
require github.com/coreos/go-iptables v0.7.0

18
main.go

@ -5,6 +5,9 @@ import (
dnsProxy "kvas2-go/dns-proxy" dnsProxy "kvas2-go/dns-proxy"
ruleComposer "kvas2-go/rule-composer" ruleComposer "kvas2-go/rule-composer"
"log" "log"
"os"
"os/signal"
"syscall"
) )
var ( var (
@ -46,9 +49,22 @@ func main() {
} }
} }
} }
go func() {
err := proxy.Listen() err := proxy.Listen()
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
defer proxy.Close() }()
c := make(chan os.Signal, 1)
signal.Notify(c, os.Interrupt, syscall.SIGTERM)
for {
select {
case <-c:
proxy.Close()
return
}
}
} }
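Review bot: When `proxy.Listen()` fails inside the new goroutine, `log.Fatal` exits before `proxy.Close()` ever runs, so the nat rules that Listen installs before it can fail (the KVAS2_DNSOVERRIDE chain and the PREROUTING jump are created before `net.ResolveUDPAddr` is called) are left in the kernel with nothing listening behind the REDIRECT; the `defer proxy.Close()` that the commit removes used to cover at least the normal-exit path. The error returned by `proxy.Close()` in the signal branch is also discarded, and the `for { select { case <-c: ... } }` with a single case is just a blocking receive. The rewrite below routes the Listen error through a channel so both the signal and the failure path reach Close and report its error; main() starts outside the hunk.
```go
	// … unchanged: proxy construction above …
	errCh := make(chan error, 1)
	go func() { errCh <- proxy.Listen() }()

	c := make(chan os.Signal, 1)
	signal.Notify(c, os.Interrupt, syscall.SIGTERM)

	select {
	case <-c:
	case err := <-errCh:
		if err != nil {
			log.Printf("listen: %v", err)
		}
	}
	// Tear down iptables state and the socket on every exit path.
	if err := proxy.Close(); err != nil {
		log.Printf("close: %v", err)
	}
```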