@Belphemur
Created March 11, 2021 14:55
NextDNS catch all UDM
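#!/bin/sh
# Installs nextdns-catchall.service into the unifi-os container and starts it.
SERVICE_FILE=nextdns-catchall.service
SOURCE_FILE_PATH=/data/${SERVICE_FILE}
SYSTEMD_FILE_PATH=/etc/systemd/system/${SERVICE_FILE}

# The unit file must already be present under /data.
if [ ! -f "$SOURCE_FILE_PATH" ]; then
    echo "Can't find service file"
    exit 1
fi

# Nothing to do if the unit is already in the container's systemd directory.
if podman exec unifi-os stat "$SYSTEMD_FILE_PATH" >/dev/null 2>&1; then
    echo "Already installed"
    exit 0
fi

# Copy the unit into place, then enable and start it.
podman exec unifi-os cp "$SOURCE_FILE_PATH" "$SYSTEMD_FILE_PATH"
podman exec unifi-os systemctl daemon-reload
podman exec unifi-os systemctl enable "$SERVICE_FILE"
podman exec unifi-os systemctl start "$SERVICE_FILE"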

# Unit file; the install script above expects it at /data/nextdns-catchall.service
[Unit]
Description=NextDNS Catch all traffic
After=nextdns.service
Requires=nextdns.service

[Install]
WantedBy=multi-user.target

[Service]
Type=oneshot
RemainAfterExit=yes
# Create a dedicated nat chain and send everything not addressed to loopback through it.
ExecStart=/sbin/ssh-proxy iptables -t nat -N NEXTDNS_CATCHALL
ExecStart=/sbin/ssh-proxy iptables -t nat -A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
# Redirect UDP and TCP port 53 to the listener on 127.0.0.1:5553.
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
ExecStart=/sbin/ssh-proxy iptables -t nat -A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
# On stop: remove the jump, then flush and delete the chain.
ExecStop=/sbin/ssh-proxy iptables -t nat -D PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -F NEXTDNS_CATCHALL
ExecStop=/sbin/ssh-proxy iptables -t nat -X NEXTDNS_CATCHALL
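
To confirm that the unit's rules are actually in place, the following added example (not part of the gist) audits an `iptables -t nat -S` dump for the PREROUTING jump and the two DNAT rules. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): audit an `iptables -t nat -S` dump for the
# rules that nextdns-catchall.service installs.

# Reads a rule dump on stdin, prints one finding per expected rule, and
# returns 0 only if each rule is present exactly once. A duplicated rule is
# reported because the unit's ExecStop `-D` removes only one matching rule.
check_catchall() {
    # Strip trailing whitespace so whole-line matching is reliable.
    dump=$(sed 's/[[:space:]]*$//')
    status=0
    for rule in \
        '-A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL' \
        '-A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553' \
        '-A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553'
    do
        # -F fixed string, -x whole line, -c count; grep exits 1 on zero matches.
        count=$(printf '%s\n' "$dump" | grep -Fxc -e "$rule" || true)
        case $count in
            1) echo "ok: $rule" ;;
            0) echo "MISSING: $rule"; status=1 ;;
            *) echo "DUPLICATED ($count): $rule"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample dump (not captured from a real device).
sample_dump() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N NEXTDNS_CATCHALL
-A PREROUTING ! -d 127.0.0.0/8 -j NEXTDNS_CATCHALL
-A NEXTDNS_CATCHALL -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
-A NEXTDNS_CATCHALL -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5553
EOF
}

sample_dump | check_catchall
```

On the device, the live table can be piped into `check_catchall` in place of `sample_dump`, assuming `iptables -t nat -S` is run through the same `/sbin/ssh-proxy` wrapper the unit uses.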

vt0r commented May 11, 2024

Hopefully you don't mind me linking this here, but I really got great use out of this script on earlier Unifi OS versions, so I have been keeping it updated for later releases. The new version works on UDM firmware versions 2.x and 3.x and is available here: https://github.com/vt0r/nextdns-catchall