dnscrypt.rules
#!/sbin/nft -f
# Source address(es) of the host(s) running the DNSCrypt client. forward_hook
# matches on this value to decide which forwarded packets are sent through
# dnscrypt_filter. Only an IPv4 variable is defined; there is no IPv6 counterpart.
define dnscrypt_v4_clients = { 10.53.53.2 }
# Egress allow-list for the DNSCrypt client: two address sets and one port set,
# a chain that accepts traffic matching them, and a chain that routes the
# client's packets into it.
#
# Neither chain below declares `type ... hook ...`, so both are regular chains:
# they run only when a base chain defined elsewhere jumps to them, and a packet
# that matches no rule here returns to the caller without a verdict.
# NOTE(review): whether non-matching client traffic is actually dropped depends
# on the caller's later rules / policy, which this file does not show - confirm.
# NOTE(review): nothing here flushes the table first; presumably a parent
# ruleset does so before including this file, otherwise a reload would append
# the rules a second time - confirm.
table inet filter {
# Destination ports accepted towards the resolver sets, for both TCP and UDP.
# The set includes 443 and 8443, so the accept rules are not specific to a DNS
# protocol: any TCP/UDP service on these ports at a listed address is reachable.
set dnscrypt_ports {
type inet_service
elements = { 5443, 1443, 453, 2053, 5353, 50443, 4443, 4434, 443, 4343, 15353, 8443 }
}
# IPv4 resolver addresses the client may contact. The list repeats some entries
# (e.g. 94.140.14.140 appears twice), which suggests it is generated from a
# resolver list rather than hand-maintained - presumably; confirm the source.
# NOTE(review): several entries appear to be shared CDN / hosting front-end
# addresses (e.g. 104.16.132.229, 104.21.6.78, 172.67.134.157, 185.199.111.133).
# Allowing port 443 to those permits reaching whatever else is served from the
# same address, not only the resolver - verify this is acceptable egress.
# NOTE(review): pinned addresses go stale; an entry that is later reassigned
# stays an open egress path until the list is regenerated.
set dnscrypt_sources_ipv4 {
type ipv4_addr
elements = { 78.129.140.65, 37.59.238.213, 94.130.135.203, 185.95.218.42, 94.140.14.140, 104.238.186.192, 155.254.21.250, 133.130.113.163, 104.16.132.229, 94.140.14.140, 149.56.228.45, 52.65.235.129, 37.120.217.75, 104.21.6.78, 193.191.187.107, 185.107.80.84, 193.70.85.11, 5.1.66.255, 216.238.80.219, 37.120.152.235, 118.27.108.140, 137.74.223.234, 199.180.130.39, 91.239.100.100, 86.106.74.219, 104.16.133.229, 185.66.143.178, 185.150.99.255, 149.28.101.119, 213.202.216.12, 89.38.131.38, 91.219.215.227, 146.70.31.43, 94.198.41.235, 212.47.228.136, 217.138.220.243, 193.37.255.227, 23.137.249.116, 68.183.253.200, 45.11.45.11, 149.28.101.119, 1.1.1.1, 185.222.222.222, 185.22.154.19, 95.215.19.53, 45.90.28.0, 1.0.0.1, 133.130.98.250, 91.205.230.224, 185.95.218.43, 178.216.201.128, 165.232.32.95, 94.130.135.203, 128.127.104.108, 136.244.97.114, 172.104.93.80, 45.153.187.96, 136.244.97.114, 213.196.191.96, 139.99.222.72, 163.172.34.56, 173.234.56.115, 172.67.134.157, 167.114.220.125, 37.120.236.11, 185.95.218.43, 185.95.218.42, 85.114.138.119, 37.120.193.219, 46.102.157.110, 199.180.130.39, 172.67.173.59, 139.99.222.72, 94.140.14.141, 91.239.100.100, 216.238.80.219, 172.67.134.157, 195.12.48.171, 137.66.6.146, 193.70.85.11, 37.120.235.187, 23.19.245.88, 37.120.147.2, 172.104.93.80, 37.120.234.251, 89.58.6.169, 149.56.228.45, 185.150.99.255, 89.233.43.71, 37.120.142.115, 89.233.43.71, 64.120.5.251, 174.138.29.175, 1.0.0.1, 70.36.170.126, 209.58.147.36, 45.90.30.0, 76.76.2.11, 188.244.117.114, 164.68.121.162, 104.255.175.2, 37.120.211.91, 163.172.180.125, 185.199.111.133, 104.238.153.46, 198.7.58.227, 45.153.187.96, 104.21.30.162, 104.21.6.78, 146.70.66.227, 76.76.2.11, 167.114.220.125, 51.15.122.250, 185.117.118.20, 45.90.30.0, 89.38.131.38, 37.120.207.131, 68.183.253.200, 5.1.66.255, 207.246.87.96, 185.183.106.83, 143.244.33.74, 133.130.118.103, 207.246.87.96 }
}
# IPv6 resolver addresses; also contains repeated entries
# (e.g. 2a10:50c0::1:ff appears twice).
set dnscrypt_sources_ipv6 {
type ipv6_addr
elements = { 2a0c:b9c0:f:451d::1, 2606:4700:4700::1001, 2606:4700:3037::6815:64e, 2a05:fc84::42, 2a01:4f8:13b:3407::face, 2a10:50c0::1:ff, 2606:4700::6810:84e5, 2a10:50c0::1:ff, 2001:67c:28a4::, 2400:6180:0:d0::5f73:4001, 2a07:a8c0::, 2001:67c:2354:2::53, 2001:678:ed0:f000::, 2001:19f0:5:3bd7:5400:4ff:fe05:da83, 2001:19f0:7402:1574:5400:2ff:fe66:2cff, 2001:19f0:5001:cbb:5400:3ff:fe07:f70d, 2607:5300:61:95f:7283:11d9:f86:e690, 2a09:cd42:f:425b::1, 2606:4700:4700::1111, 2606:4700:3035::6815:1ea2, 2001:19f0:5:3bd7:5400:4ff:fe05:da83, 2a03:b0c0:1:e0::487:1001, 2001:bc8:1830:b07::1, 2400:8902::f03c:91ff:feda:c514, 2606:4700:3037::6815:64e, 2606:4700:3036::ac43:869d, 2606:4700::6810:85e5, 2606:4700:3030::ac43:ad3b, 2001:bc8:628:a0f::1, 2a10:50c0::2:ff, 2606:4700:4700::1001, 2a05:fc84::43, 2001:678:e68:f000::, 2a09:cd42:f:425b::1, 2001:19f0:5001:cbb:5400:3ff:fe07:f70d, 2607:5300:61:95f:7283:11d9:f86:e690, 2606:4700:3036::ac43:869d, 2a01:4f8:13b:3407::face, 2607:5300:61:95f:7283:11d9:f86:e689, 2a01:3a0:53:53::, 2606:4700:4700::1111, 2606:1a40::11, 2a05:fc84::43, 2001:41d0:302:2200::180, 2001:41d0:302:2200::180, 2001:678:e68:f000::, 2001:19f0:b400:1d8c:5400:4ff:fe11:b15a, 2607:5300:61:95f:7283:11d9:f86:e689, 2a0c:b9c0:f:451d::1, 2a05:fc84::42, 2606:4700:3030::ac43:ad3b, 2001:678:ed0:f000::, 2001:19f0:9002:de4:5400:4ff:fe08:7de3, 2001:19f0:9002:de4:5400:4ff:fe08:7de3 }
}
# Accepts packets whose destination is in a resolver set and whose destination
# port is in dnscrypt_ports, separately for TCP and UDP; each rule keeps a
# counter. There is no final drop or reject rule in this chain.
chain dnscrypt_filter {
ip daddr @dnscrypt_sources_ipv4 tcp dport @dnscrypt_ports counter accept
# The only jump into this chain in this file matches on `ip saddr` (IPv4), so
# the two ip6 rules cannot match packets arriving through forward_hook.
ip6 daddr @dnscrypt_sources_ipv6 tcp dport @dnscrypt_ports counter accept
ip daddr @dnscrypt_sources_ipv4 udp dport @dnscrypt_ports counter accept
ip6 daddr @dnscrypt_sources_ipv6 udp dport @dnscrypt_ports counter accept
# Plain (unencrypted) DNS over UDP/53 to 1.1.1.1, labelled as the bootstrap
# resolver. Queries sent this way are visible on the path. Only UDP is allowed;
# a retry over TCP/53 would not be accepted by this chain.
ip daddr 1.1.1.1 udp dport 53 counter accept comment "Bootstrap resolver"
}
# Sends every packet sourced from $dnscrypt_v4_clients through dnscrypt_filter
# and counts it. Packets from other sources pass through this chain untouched.
# The name suggests it is jumped to from the forward base chain - not shown
# here; confirm.
chain forward_hook {
ip saddr $dnscrypt_v4_clients counter jump dnscrypt_filter
}
}
# Declares the nat_nets set only; this file adds no chains or rules to the
# nat table.
# NOTE(review): presumably NAT rules loaded elsewhere reference @nat_nets to
# pick which sources get translated - confirm against the main ruleset.
table inet nat {
# IPv4 set with the interval flag, so it can also hold prefixes and ranges.
# Its single element is the same address as the dnscrypt_v4_clients define;
# the value is duplicated here, so both places must be changed together.
set nat_nets {
type ipv4_addr
flags interval
elements = { 10.53.53.2 }
}
}