From 1dcf0e3e273a56a846d784e83a3393e740046f86 Mon Sep 17 00:00:00 2001
From: jack
Date: Wed, 3 Aug 2016 13:14:30 +0300
Subject: [PATCH] DNS adblock for IPv6 #14
---
 features.yml | 16 +++++++++++++++-
 templates/10-loopback-services.cfg.j2 | 5 +++++
 templates/adblock.sh | 10 ++++++++++
 templates/dnsmasq.conf.j2 | 2 +-
 4 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/features.yml b/features.yml
index 85399f2..4ac7580 100644
--- a/features.yml
+++ b/features.yml
@@ -67,7 +67,21 @@
 to_destination: 172.16.0.1:53
 notify:
 - save iptables
- when: service_dns is defined and service_dns == "Y"
+ when: service_dns is defined and service_dns == "Y" # TODO: service_dns is not defined, because the variable in vars_prompt
+
+ - name: Forward all DNS requests to the local resolver
+ iptables:
+ table: nat
+ chain: PREROUTING
+ protocol: udp
+ destination_port: 53
+ source: "{{ vpn_network_ipv6 }}"
+ jump: DNAT
+ to_destination: fcaa::1:53
+ ip_version: ipv6
+ notify:
+ - save iptables
+ when: service_dns is defined and service_dns == "Y"
 - name: Dnsmasq enabled and started
 service: name=dnsmasq state=started enabled=yes
diff --git a/templates/10-loopback-services.cfg.j2 b/templates/10-loopback-services.cfg.j2
index e5bc7bf..c5c47e4 100644
--- a/templates/10-loopback-services.cfg.j2
+++ b/templates/10-loopback-services.cfg.j2
@@ -2,3 +2,8 @@ auto lo:100
 iface lo:100 inet static
 address 172.16.0.1
 netmask 255.255.255.255
+
+iface lo:100 inet6 static
+ address FCAA::1
+ netmask 64
+ autoconf 0
diff --git a/templates/adblock.sh b/templates/adblock.sh
index efe696b..a6a8858 100644
--- a/templates/adblock.sh
+++ b/templates/adblock.sh
@@ -3,6 +3,8 @@ # Redirect endpoint
 ENDPOINT_IP4="0.0.0.0"
+ENDPOINT_IP6="::"
+IPV6="Y"
 #Delete the old block.hosts to make room for the updates
 rm -f /etc/block.hosts
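Review bot: `to_destination: fcaa::1:53` in the added ip6tables DNAT task is ambiguous: without brackets ip6tables reads the whole string as an IPv6 address (fcaa::1:53 is itself a valid address), so the port is lost and VPN clients' IPv6 DNS queries are either sent to a host that does not exist or the rule is rejected, instead of landing on the local resolver. The port form for IPv6 is `to_destination: "[fcaa::1]:53"`. The same resolver address is now hard-coded in three files (features.yml, templates/10-loopback-services.cfg.j2, templates/dnsmasq.conf.j2) with mixed casing (`fcaa::1` here, `FCAA::1` in the templates); a single playbook variable would keep them in step. The TODO appended to the `when:` line is an unfinished sentence ("because the variable in vars_prompt"); state the actual cause so the next maintainer knows why the condition is currently dead. The surrounding task list starts and ends outside the hunk.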
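Review bot: `netmask 64` on the new `iface lo:100 inet6 static` stanza gives the loopback alias a whole /64, unlike the IPv4 stanza directly above it which uses a host mask (255.255.255.255); the kernel will install an fcaa::/64 route onto lo, and if `vpn_network_ipv6` lies in that same prefix (not visible here) traffic towards VPN clients could be swallowed by the loopback route. Mirror the IPv4 stanza with `netmask 128` so only the resolver address itself is local.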
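Review bot: `IPV6="Y"` is a hard-coded toggle inside a file that Ansible renders as a template (templates/adblock.sh), so the IPv6 branch cannot be switched off per deployment and runs even where the resolver has no IPv6 listener. Drive it from the playbook instead, e.g. `IPV6="{{ <ipv6 enable flag variable> }}"` with the real variable name, or document next to it why it is always on: `# IPV6: "Y" adds an ENDPOINT_IP6 entry for every blocked host in block.hosts`. The script continues outside the hunk.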
@@ -35,6 +37,14 @@ else
 cat /tmp/block.build.before > /etc/block.hosts
 fi
+if [ "$IPV6" = "Y" ]
+then
+ safe_pattern=$(printf '%s\n' "$ENDPOINT_IP4" | sed 's/[[\.*^$(){}?+|/]/\\&/g')
+ safe_addition=$(printf '%s\n' "$ENDPOINT_IP6" | sed 's/[\&/]/\\&/g')
+ echo 'Adding ipv6 support...'
+ sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" /etc/block.hosts
+fi
+
 service dnsmasq restart
 exit 0
diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2
index 49716e8..d28cfac 100644
--- a/templates/dnsmasq.conf.j2
+++ b/templates/dnsmasq.conf.j2
@@ -110,7 +110,7 @@ group=nogroup
 #except-interface=
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
-listen-address=172.16.0.1,127.0.0.1
+listen-address=172.16.0.1,127.0.0.1,FCAA::1
 # If you want dnsmasq to provide only DNS service on an interface,
 # configure it as shown above, and then use the following line to
 # disable DHCP and TFTP on it.
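Review bot: The rewrite `sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g"` only matches lines that begin with the IPv4 endpoint followed by exactly one space; any block.hosts line the earlier part of the script writes in another shape (tab-separated or multiple spaces — that code is outside the hunk) is silently left without the IPv6 entry this branch exists to add. A looser separator, `s/^(${safe_pattern})[[:space:]]+(.*)$/\1 \2\n${safe_addition} \2/g`, avoids that, and checking sed's exit status before the `service dnsmasq restart` that follows keeps a failed rewrite from restarting the resolver with an unmodified list while the script still reports success. `\n` in a sed replacement and `-r` are GNU extensions; a one-line comment such as `# GNU sed: -r for ERE, \n allowed in replacement` would save the next reader a portability check.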
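Review bot: `listen-address=172.16.0.1,127.0.0.1,FCAA::1` requires FCAA::1 to be configured on an interface when dnsmasq (re)starts if `bind-interfaces` is set elsewhere in this template (not visible in the hunk); in that case dnsmasq fails to create its listening socket until the new `lo:100 inet6` stanza from templates/10-loopback-services.cfg.j2 is brought up. Make sure the loopback interface is applied before the dnsmasq restart in the play, or record the dependency here: `# FCAA::1 is the lo:100 inet6 alias from 10-loopback-services.cfg.j2 and must be up before dnsmasq starts`.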