Update dnsf.py
21
dnsf.py
21
dnsf.py
@@ -38,11 +38,13 @@ class watch_file():
|
|||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
dns_resolver = "DNS=9.9.9.11#dns11.quad9.net"
|
||||||
|
|
||||||
|
|
||||||
#systemd-resolved
|
#systemd-resolved
|
||||||
|
|
||||||
resolved = """
|
resolved = """
|
||||||
[Resolve]
|
[Resolve]
|
||||||
DNS=9.9.9.11#dns11.quad9.net
|
|
||||||
Domains=~.
|
Domains=~.
|
||||||
DNSSEC=true
|
DNSSEC=true
|
||||||
DNSOverTLS=yes
|
DNSOverTLS=yes
|
||||||
@@ -54,6 +56,10 @@ DNSStubListener=yes
|
|||||||
|
|
||||||
with open("/etc/systemd/resolved.conf", "w") as file:
|
with open("/etc/systemd/resolved.conf", "w") as file:
|
||||||
file.write(resolved)
|
file.write(resolved)
|
||||||
|
|
||||||
|
with open("/etc/systemd/resolved.conf", "a") as file:
|
||||||
|
file.write(dns_resolver)
|
||||||
|
|
||||||
print('wrote systemd-resolved config.')
|
print('wrote systemd-resolved config.')
|
||||||
run('systemctl restart systemd-resolved')
|
run('systemctl restart systemd-resolved')
|
||||||
|
|
||||||
@@ -61,20 +67,15 @@ BPF_APP = r'''
|
|||||||
#include <linux/if_ether.h>
|
#include <linux/if_ether.h>
|
||||||
#include <linux/in.h>
|
#include <linux/in.h>
|
||||||
#include <bcc/proto.h>
|
#include <bcc/proto.h>
|
||||||
|
|
||||||
int dns_matching(struct __sk_buff *skb) {
|
int dns_matching(struct __sk_buff *skb) {
|
||||||
u8 *cursor = 0;
|
u8 *cursor = 0;
|
||||||
// Checking the IP protocol:
|
|
||||||
struct ethernet_t *ethernet = cursor_advance(cursor, sizeof(*ethernet));
|
struct ethernet_t *ethernet = cursor_advance(cursor, sizeof(*ethernet));
|
||||||
|
|
||||||
if (ethernet->type == ETH_P_IP) {
|
if (ethernet->type == ETH_P_IP) {
|
||||||
// Checking the UDP protocol:
|
// Checking that proto is UDP:
|
||||||
struct ip_t *ip = cursor_advance(cursor, sizeof(*ip));
|
struct ip_t *ip = cursor_advance(cursor, sizeof(*ip));
|
||||||
|
|
||||||
if (ip->nextp == IPPROTO_UDP) {
|
if (ip->nextp == IPPROTO_UDP) {
|
||||||
// Check the port 53:
|
// Check if the port is 53:
|
||||||
struct udp_t *udp = cursor_advance(cursor, sizeof(*udp));
|
struct udp_t *udp = cursor_advance(cursor, sizeof(*udp));
|
||||||
|
|
||||||
if (udp->dport == 53 || udp->sport == 53) {
|
if (udp->dport == 53 || udp->sport == 53) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -104,8 +105,6 @@ iptables -A OUTPUT -j REJECT
|
|||||||
iptables -P INPUT DROP
|
iptables -P INPUT DROP
|
||||||
iptables -P FORWARD DROP
|
iptables -P FORWARD DROP
|
||||||
iptables -P OUTPUT DROP
|
iptables -P OUTPUT DROP
|
||||||
mkdir -p /etc/iptables/
|
|
||||||
iptables-save > /etc/iptables/rules.v4
|
|
||||||
'''
|
'''
|
||||||
|
|
||||||
#iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
|
#iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
|
||||||
@@ -128,8 +127,6 @@ cnames = {}
|
|||||||
current_cnames = {}
|
current_cnames = {}
|
||||||
blocked = []
|
blocked = []
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def threaded(threadedfunc, inputd, threads=4):
|
def threaded(threadedfunc, inputd, threads=4):
|
||||||
inputd = [x if isinstance(x,tuple) else tuple([x]) for x in inputd]
|
inputd = [x if isinstance(x,tuple) else tuple([x]) for x in inputd]
|
||||||
import os
|
import os
|
||||||
|
|||||||
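Review bot: With `mkdir -p /etc/iptables/` and `iptables-save > /etc/iptables/rules.v4` dropped from the shell script in the fourth hunk, the `iptables -P INPUT/FORWARD/OUTPUT DROP` policies and the accept rules above them exist only in the running kernel and are lost at the next reboot, so the host would come back with no firewall unless persistence is handled elsewhere in the file (not visible here). If the rules are intentionally re-applied on every run, a comment on the `'''` block such as `# rules are not persisted; rerun after reboot` would stop someone restoring the save step blindly; otherwise the two lines should stay. In the second hunk, the new append of `dns_resolver` reopens `/etc/systemd/resolved.conf` immediately after `resolved` is written, and the string carries no trailing newline; writing it inside the first `with` block as `file.write(dns_resolver + "\n")` avoids the second open and leaves the file properly terminated. Whether `resolved` itself ends with a newline before its closing `"""` is outside this hunk, so the append may also glue `DNS=` onto the preceding key.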