A collection of config files in order to easily deploy it on a Freebsd Jail.
A simple adblock dns server. Simplified version of https://vlads.me/post/setting-up-dns-adblocker-freebsd-jail/
-
csh shell (Available by default in FreeBSD)
-
wget and diff to compare files if required
root@host:/ # pkg install wget diffutils -
An empty or existing jail
- Set jail mount point with JAILMOUNTPOINT variable of dnsmasq_jail.sh script. I don' t know if it would be better to pass mountpoint as an script input arg
set JAILMOUNTPOINT = "/mnt/jails"
-
Uncoment this lines if you want to check config files difference before to copy them
##diff $CONFIGS/dnsmasq_rcd $JAILMOUNTPOINT/$JAIL/usr/local/etc/rc.d/dnsmasq ##diff $CONFIGS/dnsmasq_conf $JAILMOUNTPOINT/$JAIL/usr/local/etc/dnsmasq.conf
Just launch .sh script passing an existing jail name as argument
user@host:/ # ./dnsmasq_jail.sh jailNamePass port from jail to host with pf or prefered firewall. Example for /etc/pf.conf
dns="{53}"
rdr on $ext_if proto udp from any to any port $dns-> $jail_ipCheck config on jail
user@host:/ # jexec jail
user@jail:/ # dnsmasq --test
dnsmasq: syntax check OK.For test before launch service
On Jail
user@jail:/ # dnsmasq -d -qOn host dns query asking to jail ip
user@host:/ # drill freebsd.org @192.168.35.4
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 15521
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; freebsd.org. IN A
;; ANSWER SECTION:
freebsd.org. 3600 IN A 96.47.72.84
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 71 msec
;; SERVER: 192.168.35.4
;; WHEN: Mon Aug 9 13:53:29 2021
;; MSG SIZE rcvd: 45Finally, launch dnsquery service on jail
user@host:/ # jexec jail
user@jail:/ # service dnsmasq start
Starting dnsmasq.