Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:bridge [2023/09/17 16:33] – [Command-line instructions] add comment vgaetera | docs:guide-user:firewall:fw3_configurations:bridge [2023/10/14 05:41] – use service invocation vgaetera | ||
|---|---|---|---|
| Line 11: | Line 11: | ||
| ===== Command-line instructions ===== | ===== Command-line instructions ===== | ||
| + | Assuming a setup with bridged LAN and WAN interfaces. | ||
| Install the required packages. | Install the required packages. | ||
| - | Set up [[docs: | + | Enable bridge firewall intercepting DNS queries |
| - | Enable bridge firewall intercepting DNS queries. | + | |
| <code bash> | <code bash> | ||
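Review bot: The added opening line, "Assuming a setup with bridged LAN and WAN interfaces.", is a sentence fragment and states the precondition without saying what a reader on a routed setup should do. Suggest a full sentence such as "These instructions assume that the LAN and WAN interfaces are members of the same bridge." and a short pointer for setups where they are not.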
| Line 30: | Line 30: | ||
| nft add table bridge filter | nft add table bridge filter | ||
| nft flush table bridge filter | nft flush table bridge filter | ||
| + | nft add chain bridge filter prerouting \ | ||
| + | { type filter hook prerouting priority dstnat\; } | ||
| + | nft add rule bridge filter prerouting meta \ | ||
| + | l4proto { tcp, udp } th dport 53 pkttype set host \ | ||
| + | ether daddr set " | ||
| nft add chain bridge filter forward \ | nft add chain bridge filter forward \ | ||
| - | { type filter hook prerouting | + | { type filter hook forward |
| - | nft add rule bridge filter forward | + | nft add rule bridge filter forward |
| - | set host ether daddr set "${NET_MAC}" | + | oifname |
| - | nft add rule bridge filter forward udp dport 53 meta pkttype | + | |
| - | set host ether daddr set "${NET_MAC}" comment "Intercept-DNS" | + | |
| EOF | EOF | ||
| uci -q delete firewall.bridge | uci -q delete firewall.bridge | ||
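Review bot: The added prerouting rule (`l4proto { tcp, udp } th dport 53 pkttype set host`) carries no input-interface match in the lines shown, so it rewrites port 53 traffic arriving on every bridge port, the WAN side included. If interception is meant for LAN clients only, scope the rule with an `iifname` match on the LAN ports, the same way the forward rule is now scoped with `oifname`. Splitting the old chain, which was named `forward` but hooked at prerouting, into separate prerouting and forward chains is a good cleanup; a one-line comment above each chain saying what it is for would help readers who paste the block without reading the surrounding text.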
| Line 41: | Line 44: | ||
| uci set firewall.bridge.path="/ | uci set firewall.bridge.path="/ | ||
| uci commit firewall | uci commit firewall | ||
| - | / | + | service |
| </ | </ | ||
| + | |||
| + | Set up [[docs: | ||
| ===== Testing ===== | ===== Testing ===== | ||
| - | Use [[man> | + | Use [[man> |
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
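Review bot: The "Set up [[docs:" step added after the closing code tag used to sit before the code block (it is removed in the Line 11 hunk), so a reader following the page top to bottom now applies the bridge rules and runs the `service` command before doing that step. If the linked setup is required for the bridge rules to have any effect, say so in the sentence or keep it ahead of the code block; if it is an optional follow-up, word it that way so the Testing section is not reached with an incomplete configuration.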
| Line 52: | Line 57: | ||
| <code bash> | <code bash> | ||
| # Log and status | # Log and status | ||
| - | / | + | service |
| # Runtime configuration | # Runtime configuration | ||
| Line 61: | Line 66: | ||
| uci show firewall | uci show firewall | ||
| </ | </ | ||
| + | |||
| + | ===== Extras ===== | ||
| + | ==== References ==== | ||
| + | * [[https:// | ||
| + | * [[https:// | ||