DNS adblock for IPv6 #14

features.yml

@@ -67,6 +67,20 @@
       to_destination: 172.16.0.1:53
     notify:
     - save iptables
+    when: service_dns is defined and service_dns == "Y" # TODO: service_dns is not defined, because the variable in vars_prompt
+    
+  - name: Forward all DNS requests to the local resolver
+    iptables: 
+      table: nat
+      chain: PREROUTING
+      protocol: udp
+      destination_port: 53
+      source: "{{ vpn_network_ipv6 }}"
+      jump: DNAT
+      to_destination: fcaa::1:53
+      ip_version: ipv6
+    notify:
+    - save iptables
     when: service_dns is defined and service_dns == "Y"    
     
   - name: Dnsmasq enabled and started

templates/10-loopback-services.cfg.j2

@@ -2,3 +2,8 @@ auto lo:100
 iface lo:100 inet static
 	address 172.16.0.1
 	netmask 255.255.255.255
+
+iface lo:100 inet6 static
+        address FCAA::1
+        netmask 64
+        autoconf 0

templates/adblock.sh

@@ -3,6 +3,8 @@
 
 # Redirect endpoint
 ENDPOINT_IP4="0.0.0.0"
+ENDPOINT_IP6="::"
+IPV6="Y"
 
 #Delete the old block.hosts to make room for the updates
 rm -f /etc/block.hosts
@@ -35,6 +37,14 @@ else
     cat /tmp/block.build.before > /etc/block.hosts
 fi
 
+if [ "$IPV6" = "Y" ]
+then
+    safe_pattern=$(printf '%s\n' "$ENDPOINT_IP4" | sed 's/[[\.*^$(){}?+|/]/\\&/g')
+    safe_addition=$(printf '%s\n' "$ENDPOINT_IP6" | sed 's/[\&/]/\\&/g')
+    echo 'Adding ipv6 support...'
+    sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" /etc/block.hosts
+fi
+
 service dnsmasq restart
 
 exit 0

templates/dnsmasq.conf.j2

@@ -110,7 +110,7 @@ group=nogroup
 #except-interface=
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
-listen-address=172.16.0.1,127.0.0.1
+listen-address=172.16.0.1,127.0.0.1,FCAA::1
 # If you want dnsmasq to provide only DNS service on an interface,
 # configure it as shown above, and then use the following line to
 # disable DHCP and TFTP on it.