update 2024-11-12 12:23:02

luci-app-fchomo/root/etc/fchomo/scripts/firewall_post.ut

@@ -154,6 +154,8 @@ chain {{ inchain }} {
 {%- function render_acl_dst(inchain, outchain): %}
 chain {{ inchain }} {
 		meta mark {{ self_mark }} counter return
+		fib daddr type { local } counter return
+		ct direction reply counter return
 
 		ip daddr @inet4_local_addr counter return
 		{% if (global_ipv6 === '1'): %}
@@ -423,7 +425,7 @@ table inet fchomo {
 	{{ render_acl_dport('tproxy_acl_dport_reroute', 'tproxy_mark', 'udp') }}
 	chain tproxy_mark {
 		{#- DNS hijack #}
-		udp dport 53 counter accept comment "!{{ cfgname }}: DNS hijack (bypass rerouter)"
+		udp dport 53 counter accept comment "!{{ cfgname }}: DNS hijack (bypass router udp)"
 
 		meta l4proto udp meta mark set {{ tproxy_mark }} counter accept
 	}

luci-app-fchomo/root/etc/init.d/fchomo

@@ -14,7 +14,15 @@ HM_DIR="/etc/fchomo"
 TEMPS_DIR="$HM_DIR/templates"
 RUN_DIR="/var/run/fchomo"
 LOG_PATH="$RUN_DIR/fchomo.log"
-DNSMASQ_DIR="/tmp/dnsmasq.d/dnsmasq-fchomo.d"
+
+# thanks to homeproxy
+# we don't know which is the default server, just take the first one
+DNSMASQ_UCI_CONFIG="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
+if [ -f "/tmp/etc/dnsmasq.conf.$DNSMASQ_UCI_CONFIG" ]; then
+	DNSMASQ_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DNSMASQ_UCI_CONFIG")/dnsmasq-fchomo.d"
+else
+	DNSMASQ_DIR="/tmp/dnsmasq.d/dnsmasq-fchomo.d"
+fi
 
 config_load "$CONF"