[ "${dnsmasq_features#* DNSSEC }" = "$dnsmasq_features" ] || dnsmasq_has_dnssec=1
[ "${dnsmasq_features#* TFTP }" = "$dnsmasq_features" ] || dnsmasq_has_tftp=1
[ "${dnsmasq_features#* ipset }" = "$dnsmasq_features" ] || dnsmasq_has_ipset=1
+ [ "${dnsmasq_features#* nftset }" = "$dnsmasq_features" ] || dnsmasq_has_nftset=1
fi
case "$opt" in
[ -z "$dnsmasq_has_tftp" ] ;;
ipset)
[ -z "$dnsmasq_has_ipset" ] ;;
+ nftset)
+ [ -z "$dnsmasq_has_nftset" ] ;;
*)
return 1
esac
dnsmasq_ipset_add() {
local cfg="$1"
- local ipsets domains
+ local ipsets nftsets domains
add_ipset() {
ipsets="${ipsets:+$ipsets,}$1"
}
+ add_nftset() {
+ nftsets="${nftsets:+$nftsets,}inet#fw4#$1"
+ }
+
add_domain() {
# leading '/' is expected
domains="$domains/$1"
}
config_list_foreach "$cfg" "name" add_ipset
+ config_list_foreach "$cfg" "name" add_nftset
config_list_foreach "$cfg" "domain" add_domain
- if [ -z "$ipsets" ] || [ -z "$domains" ]; then
+ if [ -z "$ipsets" ] || [ -z "$nftsets" ] || [ -z "$domains" ]; then
return 0
fi
xappend "--ipset=$domains/$ipsets"
+ xappend "--nftset=$domains/$nftsets"
}
dnsmasq_start()