/etc/config/dhcp:
...
# Tell dnsmasq to add the IP addresses it resolves for the listed domains to the ipset.
# Entry format: /domain[/domain...]/setname. dnsmasq matches each listed domain and its
# subdomains, so list only names whose whole DNS zone you trust.
# The set is filled from DNS answers, so the filter is only as trustworthy as the
# resolution path between this router and the domains' authoritative servers.
# NOTE(review): ipset support has to be compiled into dnsmasq; on OpenWrt that is the
# dnsmasq-full package rather than the default dnsmasq. Confirm which one is installed.
config dnsmasq
...
list ipset '/my.domain.name.com/another.domain.org/ipsetname'
...
/etc/config/firewall:
...
# Define the ipset. The name must be identical here, in the dnsmasq 'list ipset' entry
# and in the redirect's 'option ipset'.
# 'match src_net' compares the packet's source address with the set entries.
# NOTE(review): no 'option timeout' is set, so an address presumably stays in the set
# after the domain moves to a different IP, and the old address remains allowed until
# the set is flushed or recreated. Confirm, and consider an entry timeout that is longer
# than the interval at which the names are re-resolved.
config ipset
option name ipsetname
option match src_net
option storage hash
option enabled 1
# Filter the port forwarding rule based on the ipset.
# Forwards (DNAT) TCP port 1234 arriving from the 'wan' zone to 192.168.11.100:1234 in
# 'lan', but only for packets that match the set 'ipsetname'.
# While the set is empty (for example before the first lookup of the domains has
# completed) no source matches and the forward is not reachable.
# A source-address allowlist narrows who can reach the port; it does not authenticate
# the client, so the forwarded service still needs its own access control.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option ipset 'ipsetname'
option proto 'tcp'
option src_dport '1234'
option dest_ip '192.168.11.100'
option dest_port '1234'
option name 'service1'
...
/etc/crontabs/root:
...
# Force DNS resolution for the domain names we want to filter on, every 10 minutes.
# This causes dnsmasq to add any discovered IP addresses to the ipset we use for filtering.
# The domain list here must be kept in step with the 'list ipset' entry in /etc/config/dhcp.
# NOTE(review): this only fills the set if nslookup on the router sends its queries to the
# local dnsmasq instance. Confirm that the router's resolver configuration points at it.
# The lookups only ever add addresses; nothing in this job removes an address that a
# domain no longer resolves to.
*/10 * * * * for domain in my.domain.name.com another.domain.org ; do nslookup "$domain" ; done
...
Created
May 25, 2019 00:26
Filter port forwarding rules based on domain name on OpenWrt