
Commit 495fbef

authored
Merge pull request #1658 from a-palchikov/dima/host-dns-setup
Update DNS set up script to use a dedicated chain
2 parents e773db0 + f243a75 commit 495fbef

1 file changed

+18
-17
lines changed

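--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,24 +1,25 @@
 #!/bin/sh
 set -eux
 
+readonly chain=LIMADNS
+
+chain_exists() {
+iptables --table nat -n --list "${chain}" >/dev/null 2>&1
+}
+
 # Wait until iptables has been installed; 35-configure-packages.sh will call this script again
 if command -v iptables >/dev/null 2>&1; then
-if [ -n "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" -ne 0 ]; then
-# Only add the rule once
-if ! iptables-save | grep "udp.*${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}"; then
-iptables -t nat -A PREROUTING -d "${LIMA_CIDATA_SLIRP_DNS}" -p udp --dport 53 -j DNAT \
---to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}"
-iptables -t nat -A OUTPUT -d "${LIMA_CIDATA_SLIRP_DNS}" -p udp --dport 53 -j DNAT \
---to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}"
-fi
-fi
-if [ -n "${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}" -ne 0 ]; then
-# Only add the rule once
-if ! iptables-save | grep "tcp.*${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}"; then
-iptables -t nat -A PREROUTING -d "${LIMA_CIDATA_SLIRP_DNS}" -p tcp --dport 53 -j DNAT \
---to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}"
-iptables -t nat -A OUTPUT -d "${LIMA_CIDATA_SLIRP_DNS}" -p tcp --dport 53 -j DNAT \
---to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}"
-fi
+if ! chain_exists; then
+iptables --table nat --new-chain ${chain}
+iptables --table nat --insert PREROUTING 1 --jump "${chain}"
+iptables --table nat --insert OUTPUT 1 --jump "${chain}"
 fi
+
+# Remove old rules
+iptables --table nat --flush ${chain}
+# Add rules for the existing ip:port
+iptables --table nat --append "${chain}" --destination "${LIMA_CIDATA_SLIRP_DNS}" --protocol udp --dport 53 --jump DNAT \
+--to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}"
+iptables --table nat --append "${chain}" --destination "${LIMA_CIDATA_SLIRP_DNS}" --protocol tcp --dport 53 --jump DNAT \
+--to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}"
 fi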
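Review bot: The two `--append` rules at new lines 21–24 are now issued unconditionally, dropping the `-n` / `-ne 0` checks on `LIMA_CIDATA_UDP_DNS_LOCAL_PORT` and `LIMA_CIDATA_TCP_DNS_LOCAL_PORT` that the removed code had; if either port can be empty or 0 (which those old guards suggest), `--to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:"` makes iptables fail and, under `set -e`, the script exits right after `--flush` has emptied `LIMADNS`, leaving DNS traffic unredirected, while a literal `:0` would install a DNAT to port 0. Keeping a per-protocol guard around each `--append` preserves the previous behaviour while retaining the flush-and-rebuild approach. Separately, `--new-chain ${chain}` and `--flush ${chain}` leave `${chain}` unquoted while every other use writes `"${chain}"`; quoting both keeps the style uniform and ShellCheck clean.
```shell
# … unchanged: chain creation and flush …
# Add rules for the existing ip:port (skip a protocol whose local port is unset or 0)
if [ -n "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" -ne 0 ]; then
  iptables --table nat --append "${chain}" --destination "${LIMA_CIDATA_SLIRP_DNS}" --protocol udp --dport 53 --jump DNAT \
    --to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}"
fi
if [ -n "${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}" ] && [ "${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}" -ne 0 ]; then
  iptables --table nat --append "${chain}" --destination "${LIMA_CIDATA_SLIRP_DNS}" --protocol tcp --dport 53 --jump DNAT \
    --to-destination "${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}"
fi
```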
