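#!/bin/sh
#
# Copyright (c) 2020 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
# This is free software, licensed under the MIT License
#
# Applies the 'family-dns' UCI configuration: points the WAN interfaces at a
# filtering DNS provider and, when redirect_dns is set, adds a firewall
# redirect that sends port-53 traffic from the LAN zone to the router.
#
# Usage: family-dns-update [uninstall]
#   uninstall - treat the package as disabled, whatever the stored
#               'enabled' option says, so the OpenWrt defaults are restored.
#
. /lib/functions.sh

config_load 'family-dns'
config_get_bool enabled default enabled 0
config_get_bool redirect_dns default redirect_dns 0
config_get dns default dns default

#uninstall and disable are designed to be equivalent.
if [ "$1" = "uninstall" ] ; then
	enabled=0
fi

# Set OpenWrt Defaults
# Every run first queues a reset to the stock state (ISP-provided DNS, no
# custom servers, no redirect) and then layers the selected provider on top.
# -q silences uci error output; presumably this hides complaints about
# entries that do not exist on a given device (e.g. no wan6) - verify.
uci -q batch <<-EOT
	set network.wan.peerdns='1'
	set network.wan6.peerdns='1'
	delete network.wan.dns
	delete network.wan6.dns
	delete firewall.family_dns_lan
EOT

if [ "$enabled" -ne 1 ] ; then
	echo 'Activating Default ISP DNS server(s)'
else
	# We don't want to use ISP DNS servers because they don't filter queries
	uci set network.wan.peerdns='0'
	uci set network.wan6.peerdns='0'

	# Configure the DNS server(s) that will handle filtering.
	echo "Activating $dns"
	case $dns in
		cleanbrowsing-adult-filter)
			uci add_list network.wan.dns=185.228.168.10
			uci add_list network.wan.dns=185.228.169.11
			uci add_list network.wan6.dns=2a0d:2a00:1::1
			uci add_list network.wan6.dns=2a0d:2a00:2::1
		;;
		cleanbrowsing-family-filter)
			uci add_list network.wan.dns=185.228.168.168
			uci add_list network.wan.dns=185.228.169.168
			uci add_list network.wan6.dns=2a0d:2a00:1::
			uci add_list network.wan6.dns=2a0d:2a00:2::
		;;
		cloudflare-malware-and-adult-content)
			uci add_list network.wan.dns=1.1.1.3
			uci add_list network.wan.dns=1.0.0.3
			uci add_list network.wan6.dns=2606:4700:4700::1113
			uci add_list network.wan6.dns=2606:4700:4700::1003
		;;
		cisco-family-shield)
			uci add_list network.wan.dns=208.67.222.123
			uci add_list network.wan.dns=208.67.220.123
			# The two entries below are the IPv4-mapped IPv6 spellings of
			# the IPv4 addresses above (d043:de7b = 208.67.222.123,
			# d043:dc7b = 208.67.220.123).
			uci add_list network.wan6.dns=::ffff:d043:de7b
			uci add_list network.wan6.dns=::ffff:d043:dc7b
		;;
		*)
			echo "$dns" is not supported.
			# Drops every uncommitted network change queued above, so the
			# committed network settings stay exactly as they were. No
			# filtering provider is applied by this run, and the queued
			# delete of the firewall redirect is still committed below.
			uci revert network
			redirect_dns=0
		;;
	esac

	if [ "$redirect_dns" -eq 1 ] ; then
		zone=lan
		ip=$(uci get "network.$zone.ipaddr")
		# ipaddr may hold several space-separated values or carry a
		# prefix length; keep the first address without the prefix.
		# NOTE(review): confirm against the ipaddr formats used on target
		# devices.
		ip=${ip%% *}
		ip=${ip%%/*}

		case $ip in
			''|*[!0-9.]*)
				# Without a usable IPv4 address the rule would be
				# committed with an empty or malformed dest_ip, and the
				# -q on uci plus the silenced firewall reload would hide
				# the failure. Skip the rule and say so instead. The
				# character check also keeps quotes out of the batch
				# text built below.
				echo "family-dns: no usable IPv4 address in network.$zone.ipaddr, DNS redirect not installed" >&2
			;;
			*)
				echo Activating DNS redirect
				# Scope of this rule: only TCP/UDP destination port 53
				# from the LAN zone is matched. Resolution over any other
				# port or protocol (DNS over TLS, DNS over HTTPS) is not
				# covered, and dest_ip is the IPv4 LAN address, so IPv6
				# coverage should be verified separately.
				uci -q batch <<-EOT
					set firewall.family_dns_lan=redirect
					add_list firewall.family_dns_lan.proto='tcp'
					add_list firewall.family_dns_lan.proto='udp'
					set firewall.family_dns_lan.src_dport='53'
					set firewall.family_dns_lan.dest_ip='$ip'
					set firewall.family_dns_lan.target='DNAT'
					set firewall.family_dns_lan.src='$zone'
					set firewall.family_dns_lan.dest='$zone'
					set firewall.family_dns_lan.name='family-dns redirect for $zone zone'
				EOT
			;;
		esac
	fi
fi

uci -q batch <<-EOT
	commit network
	commit firewall
EOT

/etc/init.d/network reload
/etc/init.d/dnsmasq reload
# stderr is discarded here, so a rejected redirect rule is not reported by
# this script; check the active firewall rules after enabling redirect_dns.
/etc/init.d/firewall reload 2>/dev/null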