@@ -243,24 +243,7 @@ def __sync_pro_plus_profiles():
243243 dhcp_instances = __fetch_local_dhcp_instances ()
244244 ip_set_instances = __fetch_instanced_services ('firewall' , 'ipset' )
245245 redirect_instances = __fetch_instanced_services ('firewall' , 'redirect' )
246-
247246 added_redirects = []
248- # for each zone, generate bypass redirect rule
249- for zone in e_uci .get ('flashstart' , 'global' , 'zones' , default = [], list = True , dtype = str ):
250- redirect_id = f'ns_flashstart_bypass_{ zone } '
251- if e_uci .get ('firewall' , redirect_id , default = None ) is None :
252- logging .debug (f'Creating new redirect { redirect_id } ' )
253- e_uci .set ('firewall' , redirect_id , 'redirect' )
254- e_uci .set ('firewall' , redirect_id , 'ns_flashstart' , True )
255- e_uci .set ('firewall' , redirect_id , 'ns_tag' , ['automated' ])
256- e_uci .set ('firewall' , redirect_id , 'name' , f'Flashstart-bypass-DNS-from-{ zone } ' )
257- e_uci .set ('firewall' , redirect_id , 'src' , zone )
258- e_uci .set ('firewall' , redirect_id , 'src_dport' , 53 )
259- e_uci .set ('firewall' , redirect_id , 'dest_port' , 53 )
260- e_uci .set ('firewall' , redirect_id , 'proto' , "tcp udp" )
261- e_uci .set ('firewall' , redirect_id , 'target' , 'DNAT' )
262- e_uci .set ('firewall' , redirect_id , 'ipset' , f'flashstart-bypass' )
263- added_redirects .append (redirect_id )
264247
265248 # fetch config
266249 config = __fetch_config ()
@@ -305,6 +288,7 @@ def __sync_pro_plus_profiles():
305288 e_uci .set ('firewall' , redirect_id , 'target' , 'DNAT' )
306289 if profile ['catch-all' ]:
307290 e_uci .set ('firewall' , redirect_id , 'name' , f'Flashstart-catch-all-{ zone } -{ profile ["id" ]} ' )
291+ e_uci .set ('firewall' , redirect_id , 'ipset' , f'!flashstart-bypass' )
308292 else :
309293 e_uci .set ('firewall' , redirect_id , 'name' , f'Flashstart-intercept-DNS-from-{ zone } -{ profile ["id" ]} ' )
310294 e_uci .set ('firewall' , redirect_id , 'ipset' , f'flashstart-ipset-{ profile ["id" ]} ' )
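Review bot: The bypass exemption now lives only on the catch-all redirect (new line 291), while the intercept branch at new line 294 still matches solely on `flashstart-ipset-{profile["id"]}`. A host that sits in both `flashstart-bypass` and a profile set would therefore presumably still have its DNS redirected, whereas the removed per-zone redirects matched on the bypass set alone. If that precedence is intended, a comment above the branch such as `# bypass set only exempts hosts from the catch-all; profile ipsets still win` would record it. The catch-all rule also now depends on the `flashstart-bypass` set being defined, which is not visible in these hunks, so it is worth confirming that a redirect referencing a missing set cannot be dropped and leave catch-all filtering silently off. The body of `__sync_pro_plus_profiles` continues outside both hunks, and the `f` prefix on `f'!flashstart-bypass'` has no placeholder and can go.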