@lightrush
Created May 25, 2019 00:26
Filter port forwarding rules based on domain name on OpenWrt
/etc/config/dhcp:

...
# Tell DNSmasq to add the IP addresses resolved for the listed domains to the ipset
config dnsmasq
	...
	list ipset '/my.domain.name.com/another.domain.org/ipsetname'
...


/etc/config/firewall:

...
# Define the ipset
config ipset
        option name ipsetname
        option match src_net
        option storage hash
        option enabled 1

# Filter port forwarding rule based on ipset
config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option ipset 'ipsetname'
	option proto 'tcp'
	option src_dport '1234'
	option dest_ip '192.168.11.100'
	option dest_port '1234'
	option name 'service1'
...


/etc/crontabs/root:

...
# Force DNS resolution for the domain names we want to filter on. This causes DNSmasq to add
# any discovered IP addresses to the ipset we use for filtering.
*/10 * * * * for domain in my.domain.name.com another.domain.org ; do nslookup "$domain" ; done
...
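
Added example, not part of the original gist: DNSmasq only adds addresses to the ipset, so an address a domain used to resolve to keeps matching the port forward until it is removed from the set. The sketch below lists set members that are no longer among the currently resolved addresses. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original gist. Function names and sample data
# below are constructed for illustration.

# Constructed sample of `ipset list ipsetname` output.
SAMPLE_IPSET_LIST='Name: ipsetname
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 536
References: 1
Number of entries: 2
Members:
203.0.113.10
198.51.100.7'

# Constructed sample of the addresses the filtered domains resolve to right now.
SAMPLE_RESOLVED='198.51.100.7
192.0.2.44'

# Read `ipset list <name>` output on stdin and print one member address per line.
# Only the first field is kept, so per-entry options such as "timeout 30" are dropped.
ipset_members() {
    awk 'seen && $1 != "" { print $1 } /^Members:/ { seen = 1 }'
}

# Print each member in $1 that does not appear in $2 (both newline-separated).
stale_members() {
    printf '%s\n' "$1" | while read -r ip; do
        [ -n "$ip" ] || continue
        printf '%s\n' "$2" | grep -qxF -e "$ip" || printf '%s\n' "$ip"
    done
}

# On the router the first argument would come from:
#   ipset list ipsetname | ipset_members
members=$(printf '%s\n' "$SAMPLE_IPSET_LIST" | ipset_members)
echo "Stale members:"
stale_members "$members" "$SAMPLE_RESOLVED"
```

A stale address reported this way can be dropped with `ipset del ipsetname <address>`.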