parent
55fdfe9dbb
commit
7a86ce218d
4
dnss.sh
4
dnss.sh
|
@ -4,10 +4,6 @@ sudo cp ../dnss/dnss.socket ../dnss/dnss.service /etc/systemd/system/
|
|||
sudo systemctl daemon-reload
|
||||
sudo systemctl restart dnss.service
|
||||
sudo systemctl restart dnss.socket
|
||||
sudo iptables -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I OUTPUT -p udp --dport 5353 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I OUTPUT -p tcp --dport 5353 -j DNAT --to 127.0.0.1:53
|
||||
if [ -f /etc/pdnsd.conf ]
|
||||
then
|
||||
echo "hit enter to continue"
|
||||
|
|
15
install.sh
15
install.sh
|
@ -9,3 +9,18 @@ sudo debconf-set-selections < ../debconf.conf
|
|||
../dnscrypt-proxy.sh
|
||||
../squid.sh
|
||||
../spoof-dpi.sh
|
||||
## Rules to force local DNS traffic to DNSMasq
|
||||
sudo iptables -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I OUTPUT -p udp --dport 5353 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I OUTPUT -p tcp --dport 5353 -j DNAT --to 127.0.0.1:53
|
||||
## Rules to force network DNS traffic to DNSMasq
|
||||
sudo iptables -t nat -I PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I PREROUTING -p tcp --dport 53 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I PREROUTING -p udp --dport 5353 -j DNAT --to 127.0.0.1:53
|
||||
sudo iptables -t nat -I PREROUTING -p tcp --dport 5353 -j DNAT --to 127.0.0.1:53
|
||||
## TTL Modification Hack
|
||||
#iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-set 66
|
||||
## Countermeasure for TCP Reset Attacks
|
||||
sudo iptables -I INPUT -p tcp --tcp-flags RST RST -j DROP
|
||||
sudo iptables -t mangle -I PREROUTING -p tcp --tcp-flags RST RST -j DROP
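Review bot: The four added PREROUTING rules DNAT network DNS to 127.0.0.1, but the kernel treats a loopback destination on a packet from a non-loopback interface as a martian and drops it unless `net.ipv4.conf.<iface>.route_localnet` is enabled, so LAN clients would likely get no answer instead of a DNSMasq answer. The usual form is `sudo iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53` (and the same for tcp), with the resolver listening on the LAN-facing address; whether it does is not visible in this hunk. Every rule is inserted with `-I` and no prior `iptables -C` check, so each run of install.sh stacks another copy, and nothing shown here saves the rules across a reboot. Only IPv4 is covered, so DNS over IPv6 bypasses the redirect unless matching `ip6tables` rules exist elsewhere. The two RST rules drop legitimate resets as well as forged ones, which deserves a comment such as `# drops ALL inbound RSTs: refused or aborted connections will hang until timeout`.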
|
||||
|
|