redirect dns

init.sh

@@ -9,12 +9,19 @@ ADDRESS=${WG_ADDRESS:-10.200.200.1/24}
 
 function shutdown() {
  ip link del dev $WG_IF
- iptables -D FORWARD -i $WG_IF -j ACCEPT; iptables -D FORWARD -i $WG_IF -o $PHY_IF -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -D FORWARD -i $PHY_IF -o $WG_IF -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s $ADDRESS -o $PHY_IF -j MASQUERADE;
- #iptables -D FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -D POSTROUTING -o $PHY_IF -j MASQUERADE
+ setup_iptables "D"
  wg showconf $WG_IF > /etc/wireguard/$WG_IF.conf
  killall sleep
 }
 
+function setup_iptables() {
+ if [ ! -z "$WG_REDIRECT_DNS" ]; then
+  iptables -t nat -$1 OUTPUT -p udp --dport 53 -j DNAT --to $WG_REDIRECT_DNS
+  iptables -t nat -$1 OUTPUT -p tcp --dport 53 -j DNAT --to $WG_REDIRECT_DNS
+ fi 
+ iptables -$1 FORWARD -i $WG_IF -j ACCEPT; iptables -D FORWARD -i $WG_IF -o $PHY_IF -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -D FORWARD -i $PHY_IF -o $WG_IF -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s $ADDRESS -o $PHY_IF -j MASQUERADE;
+}
+
 /usr/bin/wireguard-go $WG_IF
 
 if [ ! -f "/etc/wireguard/$WG_IF.conf" ]; then
@@ -30,7 +37,6 @@ trap shutdown EXIT
 
 ip link set up dev $WG_IF
 ip address add $ADDRESS dev $WG_IF
-iptables -A FORWARD -i $WG_IF -j ACCEPT; iptables -A FORWARD -i $WG_IF -o $PHY_IF -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -A FORWARD -i $PHY_IF -o $WG_IF -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -s $ADDRESS -o $PHY_IF -j MASQUERADE;
-#iptables -A FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -A POSTROUTING -o $PHY_IF -j MASQUERADE
+setup_iptables "A"
 
 sleep 100000000