[Dnsmasq-discuss] Example for connmark based filtering

Uwe Schindler uwe at thetaphi.de
Sat Aug 17 09:55:07 UTC 2024


Hi,

I know there is the feature to reject DNS queries from hosts based on 
marking the connection with iptables. I tried to set this up for some 
specific radio device which has a buggy weather.com webservice API that 
crashes on broken results. I know if I filter some weather.com API 
requests completely in dnsmasq, the device no longer shows weather and 
does not crash.

I know how to add connmarks to the iptables mangle table, but I did not get 
the filtering running.

Does anybody have an example of how to set up the combination of iptables 
mangle rules with dnsmasq? The documentation man page has no example and 
is far from useful. I have no idea what mark means and what those masks 
are. Basically I want to mark all DNS packets (UDP port 53) from a 
specific device on the internal network with some tag and instruct dnsmasq 
to not answer DNS requests for a specific domain. The iptables rules are 
easy to set up, but I have no idea what to pass to the connmark iptables 
module (no mention of masks there, but marks) and how to set up dnsmasq.

It would really be good to have an educational example in the dnsmasq 
documentation of a working setup (both for the dnsmasq config and for some 
example iptables rules).

Any ideas? Many thanks, Uwe

Uwe

-- 
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail: uwe at thetaphi.de