On 15.02.2019 12:34, Michael Tremer wrote:
On 14 Feb 2019, at 17:26, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi Michael,
On 14.02.2019 12:01, Michael Tremer wrote:
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Please don’t forget to share what you are doing on this list
Of course. ;-)
So far, I got the same results as Erik. But my test environment is not as extensive as his.
One important result for me: the iptables rules to prevent dns hijacking are still working.
The ones for the captive portal? Or did you have any custom rules?
I use custom rules in 'firewall.local' (Inspired by https://blog.ipfire.org/post/use-ipfire-to-protect-you-from-dnschanger):
***SNIP*** sbin/iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp --dport 53 -j DNAT --to 192.168.100.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i green0 -p tcp --dport 53 -j DNAT --to 192.168.100.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp --dport 53 -j DNAT --to 192.168.101.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i blue0 -p tcp --dport 53 -j DNAT --to 192.168.101.254:53 ***SNAP***
I'm still testing testing under various conditions.
Best, Matthias