lordwelch/router7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix nft run

Browse Source
This commit is contained in:
Timmy Welch 2024-12-24 11:09:11 -08:00
parent 971b8f2521
commit fc2e21cfd6
3 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/dns/dns.go
View File

@ -599,7 +599,7 @@ func (s *Server) handleRequest(w dns.ResponseWriter, r *dns.Msg) {
// DNS has no reply for resolving errors // DNS has no reply for resolving errors
} }
func (s *Server) getSubname(domain string, queryName string) (IP,bool) { func (s *Server) getSubname(domain string, queryName string) (IP, bool) {
name := strings.TrimSuffix(queryName, ".") name := strings.TrimSuffix(queryName, ".")
name = strings.TrimSuffix(name, ".lan") // trim lan domain name = strings.TrimSuffix(name, ".lan") // trim lan domain
name = strings.TrimSuffix(name, "."+string(s.domain)) // trim server domain name = strings.TrimSuffix(name, "."+string(s.domain)) // trim server domain
@ -607,14 +607,14 @@ func (s *Server) getSubname(domain string, queryName string) (IP,bool) {
if ip, ok := s.subname(domain, name); ok { if ip, ok := s.subname(domain, name); ok {
return ip, true return ip, true
} }
return IP{},false return IP{}, false
} }
func (s *Server) resolveSubname(domain string, q dns.Question) (dns.RR, error) { func (s *Server) resolveSubname(domain string, q dns.Question) (dns.RR, error) {
if q.Qclass != dns.ClassINET { if q.Qclass != dns.ClassINET {
return nil, nil return nil, nil
} }
ip,ok := s.getSubname(domain,q.Name) ip, ok := s.getSubname(domain, q.Name)
if q.Qtype == dns.TypeA || q.Qtype == dns.TypeAAAA /*|| q.Qtype == dns.TypeMX*/ { if q.Qtype == dns.TypeA || q.Qtype == dns.TypeAAAA /*|| q.Qtype == dns.TypeMX*/ {
if ok { if ok {
if q.Qtype == dns.TypeA && ip.IPv4.To4() != nil { if q.Qtype == dns.TypeA && ip.IPv4.To4() != nil {
@ -665,7 +665,7 @@ func (s *Server) subnameHandler(domain lcHostname) func(w dns.ResponseWriter, r
} }
// Send an authoritative NXDOMAIN for local names: // Send an authoritative NXDOMAIN for local names:
if _,ok := s.getSubname(string(domain),r.Question[0].Name);r.Question[0].Qtype == dns.TypePTR || (r.Question[0].Qtype == dns.TypeCNAME && ok) || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") { if _, ok := s.getSubname(string(domain), r.Question[0].Name); r.Question[0].Qtype == dns.TypePTR || (r.Question[0].Qtype == dns.TypeCNAME && ok) || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") {
s.promInc("local", r) s.promInc("local", r)
m := new(dns.Msg) m := new(dns.Msg)
m.SetReply(r) m.SetReply(r)

15
internal/netconfig/netconfig.go
View File

@ -1241,13 +1241,15 @@ func Apply(dir, root string, firewall bool) error {
log.Println("Applying custom firewall") log.Println("Applying custom firewall")
cmd := &exec.Cmd{ cmd := &exec.Cmd{
Path: "/user/nft", Path: "/user/nft",
Args: []string{"/user/nft", "-f/etc/firewall.nft"}, Args: []string{"/user/nft", "-ef", "/etc/firewall.nft"},
Env: os.Environ(), Env: cleanEnviron(os.Environ()),
Stdout: os.Stdout, Stdout: os.Stdout,
Stderr: os.Stderr, Stderr: os.Stderr,
} }
if err := cmd.Run(); err != nil { if err := cmd.Run(); err != nil {
appendError(fmt.Errorf("firewall: nft: %v", err)) appendError(fmt.Errorf("firewall: nft: %v", err))
} else {
log.Println("Custom firewall successfully applied:", cmd.ProcessState.ExitCode())
} }
} else { } else {
log.Println("Firewall Disabled") log.Println("Firewall Disabled")
@ -1263,3 +1265,12 @@ func Apply(dir, root string, firewall bool) error {
} }
return nil return nil
} }
func cleanEnviron(environ []string) []string {
for i, env := range environ {
if strings.Contains(env, "GOKRAZY") {
environ[i] = ""
}
}
return environ
}