Fix: wireguard DNS and preserve first address in range for DNS

xtrime-ru · Sep 20, 2024 · b93ac64 · b93ac64
1 parent d5998be
commit b93ac64
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 7 deletions.
diff --git a/rootfs/etc/ferm/ferm.conf b/rootfs/etc/ferm/ferm.conf
@@ -23,14 +23,14 @@ domain (ip ip6) {
 @def $VPNTCP_RANGE = 192.168.104.0/22;
 @def $VPNTCP_DNS   = 192.168.104.1/32;
 @def $DOCKER_RANGE = 172.0.0.0/8;
-@def $DOCKER_DNS   = 10.0.0.1/32;
+@def $DOCKER_DNS   = 10.224.0.1/32;
 
 @def $DNSMAP_RANGE = 10.224.0.0/15;
 
 @def $EXT_INTERFACE = (host0 eth0);
 
 table filter {
-		chain azvpnwhitelist {
+	chain azvpnwhitelist {
 		daddr $WHITELIST ACCEPT;
 	}
 	chain FORWARD {
@@ -52,7 +52,7 @@ table nat {
 		# DNS redirection
 		saddr $VPNUDP_RANGE daddr ! $VPNUDP_DNS proto udp dport 53 mod u32 u32 '0x1C & 0xFFCF = 0x0100 && 0x1E & 0xFFFF = 0x0001' REDIRECT to-ports 53;
 		saddr $VPNTCP_RANGE daddr ! $VPNTCP_DNS proto udp dport 53 mod u32 u32 '0x1C & 0xFFCF = 0x0100 && 0x1E & 0xFFFF = 0x0001' REDIRECT to-ports 53;
-		saddr $DOCKER_RANGE daddr ! $DOCKER_DNS proto udp dport 53 mod u32 u32 '0x1C & 0xFFCF = 0x0100 && 0x1E & 0xFFFF = 0x0001' REDIRECT to-ports 53;
+		saddr $DOCKER_RANGE proto udp dport 53 mod u32 u32 '0x1C & 0xFFCF = 0x0100 && 0x1E & 0xFFFF = 0x0001' REDIRECT to-ports 53;
 
 		# dnsmap
 		saddr $VPNUDP_RANGE daddr $VPNUDP_DNS ACCEPT;

diff --git a/rootfs/init.sh b/rootfs/init.sh
@@ -12,10 +12,9 @@ function postrun () {
 # resolve domain address to ip address
 
 function resolve () {
-    # $1 domain/ip address, $2 fallback domain/ip address
+    # $1 domain/ip address, $2 fallback ip address
     ipcalc () { ipcalc-ng --no-decorate -o $1 2> /dev/null; }
-    local ipaddr=$(ipcalc $1 || ipcalc $2)
-    echo ${ipaddr:-127.0.0.11} # fallback to docker internal dns
+    echo "$(ipcalc $1 || echo $2)"
 }
 
 
@@ -107,7 +106,7 @@ OPENVPN_SCRAMBLE=${OPENVPN_SCRAMBLE:-0}
 OPENVPN_TLS_CRYPT=${OPENVPN_TLS_CRYPT:-0}
 OPENVPN_OPTIMIZATIONS=${OPENVPN_OPTIMIZATIONS:-0}
 OPENVPN_MTU=${OPENVPN_MTU:-0}
-DNS=$(resolve $DNS)
+DNS=$(resolve $DNS 127.0.0.11)
 DNS_RU=$(resolve $DNS_RU 77.88.8.8)
 ADGUARD=${ADGUARD:-0}
 LOG_DNS=${LOG_DNS:-0}

diff --git a/rootfs/root/antizapret/dnsmap.py b/rootfs/root/antizapret/dnsmap.py
@@ -39,6 +39,9 @@ def __init__(self,address,port,timeout,iprange,tablename='dnsmap'):
         self.port = port
         self.timeout = timeout
         self.unassigned_addresses = deque([str(x) for x in IPv4Network(iprange).hosts()])
+        # preserve first address from range for DNS
+        del self.unassigned_addresses[0]
+
         self.ipmap = {}
         self.tablename = tablename