From da18dc225eb7c072175a7f3e51b62f79b9a6d547 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 20 Apr 2017 10:49:03 +0100
Subject: [PATCH] Include outputs and forwards in domain blocks
---
src/freedombone-utils-firewall | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index 65b7a23b2..f2fa0c986 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -408,6 +408,10 @@ function firewall_block_domain {
hexstr=$(domain_to_hex_string $blocked_domain)
iptables -A INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -A OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -A OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
echo "${blocked_domain}" >> $FIREWALL_DOMAINS
save_firewall_settings
fi
@@ -419,6 +423,10 @@ function firewall_unblock_domain {
hexstr=$(domain_to_hex_string $unblocked_domain)
iptables -D INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
iptables -D INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -D OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -D OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -D FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
+ iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
save_firewall_settings
fi
--
GitLab