```sh
#!/bin/sh
# 10-nextdns-catchall.sh: on-boot hook for the UDM that installs
# nextdns-catchall.service inside the unifi-os container.
SERVICE_FILE=nextdns-catchall.service
SOURCE_FILE_PATH=/data/${SERVICE_FILE}
SYSTEMD_FILE_PATH=/etc/systemd/system/${SERVICE_FILE}

if [ ! -f "$SOURCE_FILE_PATH" ]; then
    echo "Can't find service file"
    exit 1
fi

# Skip the install when the unit is already present in the container.
if podman exec unifi-os stat "$SYSTEMD_FILE_PATH" >/dev/null 2>&1; then
    echo "Already installed"
    exit 0
fi

# Copy the unit into the container, then enable and start it there.
podman exec unifi-os cp "$SOURCE_FILE_PATH" "$SYSTEMD_FILE_PATH"
podman exec unifi-os systemctl daemon-reload
podman exec unifi-os systemctl enable "$SERVICE_FILE"
podman exec unifi-os systemctl start "$SERVICE_FILE"
```
```ini
# nextdns-catchall.service: redirect all DNS traffic (port 53) that is not
# addressed to localhost to the NextDNS resolver listening on 127.0.0.1:5553.
[Unit]
Description=NextDNS Catch all traffic
After=nextdns.service
Requires=nextdns.service

[Install]
WantedBy=multi-user.target

[Service]
Type=oneshot
RemainAfterExit=yes
# Create the chain, hook it into PREROUTING, then DNAT UDP and TCP 53 to NextDNS.
ExecStart=/sbin/ssh-proxy iptables -t nat -N NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
# On stop, unhook the chain, flush it and delete it.
ExecStop=/sbin/ssh-proxy iptables -t nat -D PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -F NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -X NEXTDNS_CATCHALL
```
I put '10-nextdns-catchall.sh' in '/mnt/data/on_boot.d/' and 'nextdns-catchall.service' in '/data/' which I think is correct.
After a reboot of my UDM Pro I got it all working as intended.
Today I noticed that there was something strange with my lookups and saw that the iptables rules were missing.
I guess(!) that they were removed by unifi-os when I updated the firewall rules in the UDM Pro web page.
Can this be the case? If so, is there a way to have them automatically reloaded?
(I'm new to Unifi and a few things are not as straightforward as my old OpenWrt router so I may have misunderstood completely.)
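A defender-side check for the situation described in the comment above, added here as an example that is not part of the gist: it compares an `iptables -t nat -S` dump against the four rules the unit installs and returns non-zero when any of them is gone. It assumes the same chain name, port 5553 and rule shape as the unit; the sample dumps are constructed, not captured from a real UDM.

```sh
#!/bin/sh
# Added example, not part of the gist: verify the NEXTDNS_CATCHALL rules installed
# by nextdns-catchall.service are still in the nat table, so a cron job or on-boot
# hook can notice when unifi-os has flushed them. Assumes the unit's chain name and port.

# The four rules the unit adds, in `iptables -t nat -S` output form.
EXPECTED_RULES='-N NEXTDNS_CATCHALL
-A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
-A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553'

# check_catchall_rules DUMP
# DUMP is the text of `iptables -t nat -S`. Prints each missing rule on stderr
# and returns 0 only when every expected rule is present.
check_catchall_rules() {
    ruleset=$1
    missing=0
    # Here-document rather than a pipe so `missing` survives the loop in POSIX sh.
    while IFS= read -r rule; do
        # -F: literal match, -x: whole line, --: the rule text itself starts with "-".
        if ! printf '%s\n' "$ruleset" | grep -Fxq -- "$rule"; then
            echo "missing: $rule" >&2
            missing=$((missing + 1))
        fi
    done <<EOF
$EXPECTED_RULES
EOF
    [ "$missing" -eq 0 ]
}

# Constructed, abridged sample dumps: one with the rules loaded, one after a
# firewall change has flushed the custom chain.
SAMPLE_LOADED='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-N NEXTDNS_CATCHALL
-A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
-A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A POSTROUTING -o eth8 -j MASQUERADE'
SAMPLE_FLUSHED='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth8 -j MASQUERADE'

# Demo on the samples; on the UDM feed the live table instead, e.g.
#   /sbin/ssh-proxy iptables -t nat -S | { check_catchall_rules "$(cat)" || echo "re-apply"; }
check_catchall_rules "$SAMPLE_LOADED" && echo "catch-all rules present"
check_catchall_rules "$SAMPLE_FLUSHED" || echo "catch-all rules missing: re-apply nextdns-catchall.service"
```

A failing check is the signal to re-run the unit's ExecStart commands (for example by restarting the service); the check itself changes nothing.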
The problem with this catchall is that if you try to use different NextDNS IDs per VLAN, it does not work and everyone ends up using the same primary ID. Is there a workaround for this?
I'm having the same issue... Has anyone been able to find a workaround for this?
Hopefully you don't mind me linking this here, but I really got great use out of this script on earlier Unifi OS versions, so I have been keeping it updated for later releases. The new version works on UDM firmware versions 2.x and 3.x and is available here: https://github.com/vt0r/nextdns-catchall
I tried setting this up and it did not seem to work. I placed 10-nextdns-catchall.sh in /mnt/data/on_boot.d/ and nextdns-catchall.service in /data/ and it seemed to install fine on reboot, but a client with a hardcoded DNS server just ignores nextdns. Any help would be appreciated.