updated service.sh

Remove the dns re-direction through iptables. Let dnscrypt-proxy do its job only.
This commit is contained in:
George Daniel 2019-06-13 07:19:12 +00:00 committed by GitHub
parent 19de555f37
commit 7875b642aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 6 deletions

View File

@ -7,13 +7,18 @@
MODDIR=${0%/*}
# change config directory from /system/etc to /data/media/0/dnscrypt-proxy
# /sdcard is softlink to /data/media/0 in lineageos 16
# /sdcard is softlink to /data/media/0 in lineageos 16.
#Check, every 15 seconds. whether an instance of dnscrypt-proxy is running,if not, keep looping
# till network is available & start dnscrypt-proxy.
while ! [ `pgrep -x dnscrypt-proxy` ] ; do
$MODDIR/system/bin/dnscrypt-proxy -config /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml;
$MODDIR/system/bin/dnscrypt-proxy -config /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml;
sleep 15;
done
#IPTABLES
iptables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
ip6tables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
ip6tables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
# let dnscrypt-proxy do its job only. Let the user decide how to do the "redirection of dns request".
# iptables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
# iptables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
# ip6tables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
# ip6tables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354