On Sat, Aug 17, 2024 at 11:55:07AM +0200, Uwe Schindler wrote:
> Hi,
>
> I know there is the feature to reject DNS queries from hosts based on
> marking the connection with iptables. I tried to set this up for some
> specific radio device which has a buggy weather.com webservice api
> that crashes on broken results. I know if I filter some weather.com
> API requests completely in dnsmasq, the device no longer shows weather
> and does not crash.
>
> I know how to add connmarks to IPtables mangle table, but I did not
> get the filtering running.
>
> Does anybody have an example how to set up the combination of iptables
> mangle rules with dnsmasq. The documentation man page has no example
> and is far from useful. I have no idea what means mark and what those
> masks are. Basically I want to mark all DNS packets (UDP port 53)
> from a specific device on internal network with some tag and instruct
> dnsmasq to not answer dns requests for a specific domain. The iptables
> rules are easy to set up, but I have no idea what to pass to connmark
> iptables module (no mention of masks there, but marks) and how to
> set up dnsmasq.
>
> It would really be good to have an educating example in the dnsmasq
> documentation of a working setup (both for dnsmasq config and for some
> example iptables rules).
>
> Any ideas?

    git clone URL_of_dnsmasq_source dnsmasq
    cd dnsmasq/contrib/conntrack
    cat README

> Many thanks

Idea for a better "Many thanks": Share with the mailinglist archive
feedback on the file contrib/conntrack/README like a "Works for me"
or even an addition as "Here a patch that documents my working use case".

Groeten
Geert Stappers
--
Silence is hard to parse