
more firewall changes

Matt Clark 5 years ago
parent
commit
a9be15700a
2 changed files with 12 additions and 15 deletions
  1. 9 12
      adblock
  2. 3 3
      adblock.conf

+ 9 - 12
adblock

@@ -51,7 +51,7 @@ fi
 #
 # Update dnsmasq if needed
 #
-grep addn-hosts $dnsmasq &> /dev/null
+grep "addn-hosts=$dbFile" $dnsmasq &> /dev/null
 if [ $? -eq 0 ]; then
 
 	echo "dnsmasq up-to-date."
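Review bot: The new pattern in `grep "addn-hosts=$dbFile" $dnsmasq` is still read as a regular expression and matched anywhere in a line, so the dots in the path match any character and a commented-out `#addn-hosts=...` line counts as configured. In that case the script reports "dnsmasq up-to-date." while dnsmasq is not loading the blocklist. A fixed-string, whole-line match with the file name quoted avoids both problems: `if grep -qxF -- "addn-hosts=$dbFile" "$dnsmasq"; then`, which also replaces the separate `$?` test. The `if` body continues outside the hunk.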
@@ -76,27 +76,24 @@ dnsmasq --conf-file=$dnsmasq
 #
 # Update firewall if needed
 #
-iptables -vnL FORWARD | grep 99.99.99.99 &> /dev/null
+iptables -vnL FORWARD | grep $blackhole &> /dev/null
 if [ $? -eq 0 ]; then
 
-	echo "Firewall block up-to-date."
+	echo "Firewall FORWARD rule up-to-date."
 else
 
-	echo "Applying firewall block rule..."
-	iptables -I FORWARD -d 99.99.99.99 -j REJECT
+	echo "Applying FORWARD firewall rule..."
+	iptables -I FORWARD -d $blackhole -j REJECT
 fi
 
-#
-# Update firewall if needed
-#
-iptables -t nat -vnL OUTPUT | grep 53 &> /dev/null
+iptables -vnL OUTPUT | grep $blackhole &> /dev/null
 if [ $? -eq 0 ]; then
 
-	echo "Firewall dns rule up-to-date."
+	echo "Firewall OUTPUT rule up-to-date."
 else
 
-	echo "Applying firewall dns rule..."
-	iptables -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
+	echo "Applying OUTPUT firewall rule..."
+	iptables -I OUTPUT -d $blackhole -j REJECT
 fi
 
 
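Review bot: The existence checks `iptables -vnL FORWARD | grep $blackhole` and its OUTPUT twin match any listing line that contains the address as a regex, so a rule with a different target, or one that names the address as source, is taken as proof that the REJECT rule is loaded. The dots also match any character, and an unset `$blackhole` leaves grep without a pattern. Asking iptables for the exact rule is more reliable: `if iptables -C FORWARD -d "$blackhole" -j REJECT 2>/dev/null; then`, and the same for `OUTPUT`, with `"$blackhole"` quoted in the two `-I` lines as well. Separately, the nat OUTPUT DNAT rule is dropped from the script but never deleted, so on a host where the older version already ran it presumably stays loaded until the table is flushed or the machine reboots.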

+ 3 - 3
adblock.conf

@@ -13,10 +13,10 @@ dbFile=/opt/adblock/dbs/blacklist
 #
 # Dnsmasq file
 #
-dnsmasq=/tmp/dnsmasq.conf
+dnsmasq=/etc/dnsmasq.conf
 
 #
-# Log file
+# Blackhole
 #
-logFile=/opt/adblock/adblock.log
+blackhole=99.99.99.99
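Review bot: `blackhole=99.99.99.99` sits in ordinary unicast address space rather than a reserved range, so every blocked hostname resolves to an address that may belong to a real host. Whenever the REJECT rules are not loaded (after a reboot, after a firewall flush, or in the window between the dnsmasq restart and the iptables calls), clients will attempt connections to that address. A value from a reserved block, for example `blackhole=192.0.2.1` (TEST-NET-1, RFC 5737) or `0.0.0.0`, fails closed without depending on the firewall. The hunk also removes `logFile`; if `adblock` still expands `$logFile` anywhere outside the lines shown, it will now expand to an empty string, which is worth a quick check.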