Jimmy-Z · October 8, 2019 03:23
diff --git a/pfsense-dnsmasq-cn.sh b/pfsense-dnsmasq-cn.sh
 #!/bin/sh

 # call this in cron: /conf/pfsense-dnsmasq-cn.sh > /tmp/dnscn.debug 2>&1
 # it would be nice if pfsense provided some kind of ppp post-up hook interface

 PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/sbin

 WORKDIR="$(mktemp -d)"
 OUTDIR="/conf/dnsmasq.d"

 # get DNS from PPP log, be sure to leave "DNS Server Override" enabled
 #	otherwise pfSense will not retrieve DNS over PPP
 # it's OK since:
 #	you can tell dnsmasq to ignore them by using "no-resolv"
 #	the system will only use the rest when the first name server times out, source:
 #		https://www.freebsd.org/cgi/man.cgi?resolv.conf
 PRIDNS="$(clog /var/log/ppp.log|grep PRIDNS|grep -v 0.0.0.0|tail -n 1|awk '{print $NF}')"
 SECDNS="$(clog /var/log/ppp.log|grep SECDNS|grep -v 0.0.0.0|tail -n 1|awk '{print $NF}')"

 echo "PPP DNS: $PRIDNS $SECDNS"

 # CAUTION: the base dnsmasq conf should be able to resolve this
 BASE_URL='https://dev.tencent.com/u/felixonmars/p/dnsmasq-china-list/git/raw/master/'

 CONF_WITH_SERVERS="accelerated-domains.china google.china apple.china"
 CONF_SIMPLE="bogus-nxdomain.china"

 # use curl instead of git
 cd "$WORKDIR"
 curl --fail-early $(printf " -OJLf ${BASE_URL}%s.conf" ${CONF_WITH_SERVERS} ${CONF_SIMPLE})
 if test $? -ne 0 ; then
 	echo failed to retrieve conf, give up
 	rm -r "$WORKDIR"
 	exit 1
 fi
 cd -

 for _conf in ${CONF_SIMPLE}; do
 	cp "$WORKDIR/$_conf.conf" "$OUTDIR/$_conf.conf"
 done

 for _dns in PRI SEC; do
 	for _conf in ${CONF_WITH_SERVERS}; do
 		cp "$WORKDIR/$_conf.conf" "$OUTDIR/$_conf.$_dns.conf"
 	done

 	__dns=$(eval "echo \$${_dns}DNS")
 	sed -i '' "s|^\(server.*\)/[^/]*$|\1/${__dns}|" $OUTDIR/*.$_dns.conf
 done

 # yeah this is the pfSense way
 pfSsh.php playback svc restart dnsmasq

 rm -r "$WORKDIR"
	#!/bin/sh

	# call this in cron: /conf/pfsense-dnsmasq-cn.sh > /tmp/dnscn.debug 2>&1
	# it would be nice if pfsense provided some kind of ppp post-up hook interface

	PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/sbin

	WORKDIR="$(mktemp -d)"
	OUTDIR="/conf/dnsmasq.d"

	# get DNS from PPP log, be sure to leave "DNS Server Override" enabled
	# otherwise pfSense will not retrieve DNS over PPP
	# it's OK since:
	# you can tell dnsmasq to ignore them by using "no-resolv"
	# the system will only use the rest when the first name server times out, source:
	# https://www.freebsd.org/cgi/man.cgi?resolv.conf
	PRIDNS="$(clog /var/log/ppp.log\|grep PRIDNS\|grep -v 0.0.0.0\|tail -n 1\|awk '{print $NF}')"
	SECDNS="$(clog /var/log/ppp.log\|grep SECDNS\|grep -v 0.0.0.0\|tail -n 1\|awk '{print $NF}')"

	echo "PPP DNS: $PRIDNS $SECDNS"

	# CAUTION: the base dnsmasq conf should be able to resolve this
	BASE_URL='https://dev.tencent.com/u/felixonmars/p/dnsmasq-china-list/git/raw/master/'

	CONF_WITH_SERVERS="accelerated-domains.china google.china apple.china"
	CONF_SIMPLE="bogus-nxdomain.china"

	# use curl instead of git
	cd "$WORKDIR"
	curl --fail-early $(printf " -OJLf ${BASE_URL}%s.conf" ${CONF_WITH_SERVERS} ${CONF_SIMPLE})
	if test $? -ne 0 ; then
	echo failed to retrieve conf, give up
	rm -r "$WORKDIR"
	exit 1
	fi
	cd -

	for _conf in ${CONF_SIMPLE}; do
	cp "$WORKDIR/$_conf.conf" "$OUTDIR/$_conf.conf"
	done

	for _dns in PRI SEC; do
	for _conf in ${CONF_WITH_SERVERS}; do
	cp "$WORKDIR/$_conf.conf" "$OUTDIR/$_conf.$_dns.conf"
	done

	__dns=$(eval "echo \$${_dns}DNS")
	sed -i '' "s\|^\(server.\)/[^/]$\|\1/${__dns}\|" $OUTDIR/*.$_dns.conf
	done

	# yeah this is the pfSense way
	pfSsh.php playback svc restart dnsmasq

	rm -r "$WORKDIR"