#! /bin/bash
# Empty the nat table for both IPv4 and IPv6.
# NOTE: -F without a chain argument flushes every chain in the table, so any
# NAT rule installed by other software on the host is removed as well.
flush_iptables_nat() {
  local fw_tool
  for fw_tool in iptables ip6tables; do
    "$fw_tool" -t nat -F
  done
}
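# Start from an empty nat table: DNAT rules left by a previous run would
# otherwise redirect the reachability probes below to the local proxy port.
# NOTE: this flushes every chain in the nat table, not only rules added here.
flush_iptables_nat

# Candidate resolvers, probed in order; the first one that answers is used.
# Traffic sent to the chosen server goes to port 53, i.e. plain DNS.
FALLBACK_SERVERS=("1.1.1.1" "8.8.8.8" "137.204.25.71" "10.192.168.1")
#FALLBACK_SERVERS=("1.1.1.1" "8.8.8.8")
FALLBACK=""
for SERVER in "${FALLBACK_SERVERS[@]}"; do
  echo "[ ] Testing $SERVER"
  # Reachable means: nslookup exits successfully AND reports no timeout.
  # Checking only for the timeout string would accept any other failure
  # (nslookup missing, query refused, ...) as a working resolver.
  if PROBE_OUTPUT=$(nslookup -timeout=2 "google.com" "$SERVER") \
    && ! grep -q "connection timed out" <<<"$PROBE_OUTPUT"; then
    echo "[+] $SERVER can be reached! Setting up IpTables"
    FALLBACK=$SERVER
    break
  else
    echo "[-] $SERVER cannot be reached!"
  fi
done

# Local UDP traffic to port 5301 is rewritten to the selected resolver.
# presumably dnscrypt-proxy is configured to use port 5301 for its
# bootstrap/fallback lookups - confirm against its configuration.
if [[ -n "$FALLBACK" ]]; then
  iptables -t nat -A OUTPUT -p udp --dport 5301 -j DNAT --to-destination "$FALLBACK:53" 2>&1
else
  # Without this guard the rule would be built from an empty address (":53").
  echo "[-] No fallback server could be reached; port 5301 rule not installed" >&2
fi

# Redirect all locally generated DNS (UDP and TCP port 53) to the proxy on
# port 5300. The OUTPUT chain only covers packets created on this host, and
# only port 53 is matched; DNS carried over other ports is not affected.
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination "127.0.0.1:5300" 2>&1
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination "127.0.0.1:5300" 2>&1
# The IPv6 target is quoted so the shell cannot treat [::1] as a glob pattern.
ip6tables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination "[::1]:5300" 2>&1
ip6tables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination "[::1]:5300" 2>&1

# Started last: until the service is listening on port 5300, redirected
# queries have nothing to answer them.
systemctl start dnscrypt-proxy.service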