DNS Container and docker compose

firewall/tools.py

@@ -143,6 +143,19 @@ def export_user_firewall():
     return "".join(iptables_rules)
 
 
+def generate_redirect_dns_rules():
+    wireguard_instance_list = WireGuardInstance.objects.all()
+    firewall_settings, firewall_settings_created = FirewallSettings.objects.get_or_create(name='global')
+    dns_redirect_rules = ''
+    for wireguard_instance in wireguard_instance_list:
+        dns_redirect_rules += f"# DNS Redirect for instance wg{wireguard_instance.instance_id}\n"
+        dns_redirect_rules += f"iptables -t nat -A WGWADM_PREROUTING  -i wg{wireguard_instance.instance_id} -d {wireguard_instance.address} -p udp --dport 53 -j DNAT --to $DNS_IP:53\n"
+        dns_redirect_rules += f"iptables -t nat -A WGWADM_PREROUTING  -i wg{wireguard_instance.instance_id} -d {wireguard_instance.address} -p tcp --dport 53 -j DNAT --to $DNS_IP:53\n"
+        dns_redirect_rules += f"iptables -t nat -A WGWADM_POSTROUTING -i wg{wireguard_instance.instance_id} -o {firewall_settings.wan_interface} -d $DNS_IP -j MASQUERADE\n"
+        dns_redirect_rules += f"iptables -t filter -A WGWADM_FORWARD  -i wg{wireguard_instance.instance_id} -o {firewall_settings.wan_interface} -d $DNS_IP -j ACCEPT\n"
+    return dns_redirect_rules
+
+
 def generate_firewall_header():
     firewall_settings, firewall_settings_created = FirewallSettings.objects.get_or_create(name='global')
     header = f'''#!/bin/bash
@@ -151,6 +164,10 @@ def generate_firewall_header():
 #
 # This script was generated by WireGuard_WebAdmin on {timezone.now().strftime('%Y-%m-%d %H:%M:%S %Z')}
 #
+DNS_IP=$(host wireguard-webadmin-dns | grep -oP 'has address \K[\d\.]+')
+if [ -z "$DNS_IP" ]; then
+    DNS_IP="127.0.0.250"
+fi
 
 iptables -t nat    -N WGWADM_POSTROUTING >> /dev/null 2>&1
 iptables -t nat    -N WGWADM_PREROUTING  >> /dev/null 2>&1