mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Put DNS rule higher up in chain

Browse source
This commit is contained in:
Armen Boursalian 2018-08-23 22:44:48 -07:00
parent d206a6430d
commit bb2ca3887c
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
daemon/firewall/rules.go
View file

@ -32,6 +32,27 @@ func RunRule(enable bool, rule []string) (err error) {
// INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
func QueueDNSResponses(enable bool, queueNum int) (err error) {
// If enable, we're going to insert as #1, not append
if enable {
// FIXME: this is basically copy/paste of RunRule() above b/c we can't
// shoehorn "-I" with the boolean 'enable' switch
rule := []string{
"-I",
"INPUT",
"1",
"--protocol", "udp",
"--sport", "53",
"-j", "NFQUEUE",
"--queue-num", fmt.Sprintf("%d", queueNum),
"--queue-bypass",
}
lock.Lock()
defer lock.Unlock()
_, err := core.Exec("iptables", rule)
return err
}
// Otherwise, it's going to be disable
return RunRule(enable, []string{
"INPUT",
"--protocol", "udp",