diff --git a/files/etc/cron.hourly/check-supernodes b/files/etc/cron.hourly/check-supernodes
index 01cd2ed4..6ffe93e0 100755
--- a/files/etc/cron.hourly/check-supernodes
+++ b/files/etc/cron.hourly/check-supernodes
@@ -51,17 +51,28 @@ if c:get("aredn", "@supernode[0]", "support") == "0" then
     os.exit(0)
 end
 
--- Find the first supernode to use as a nameserver
-local dns = ""
+-- Find the closest supernode to use as a nameserver
+local sn = {}
 for _, hna in ipairs(aredn.olsr.getOLSRHNA())
 do
     if hna.genmask == 8 and hna.destination == "10.0.0.0" then
-        dns = "#" .. hna.gateway .. "\nserver=/local.mesh/" .. hna.gateway .. "\nrev-server=10.0.0.0/8," .. hna.gateway .. "\nrev-server=172.31.0.0/16," .. hna.gateway .. "\nrev-server=172.30.0.0/16," .. hna.gateway .. "\n"
+        sn[hna.gateway] = true
         break
     end
 end
+local best = { destination = nil, etx = 99999999 }
+for _, route in ipairs(aredn.olsr.getOLSRRoutes())
+do
+    if sn[route.destination] and route.etx < best.etx then
+        best = route
+    end
+end
+if not best.destination then
+    os.exit(0)
+end
 
--- Updae the dns and restart network if necessary
+-- Update the dns and restart network if necessary
+local dns = "#" .. best.destination .. "\nserver=/local.mesh/" .. best.destination .. "\nrev-server=10.0.0.0/8," ..best.destination .. "\nrev-server=172.31.0.0/16," .. best.destination .. "\nrev-server=172.30.0.0/16," .. best.destination .. "\n"
 local odns = ""
 local f = io.open(dns_file)
 if f then
diff --git a/files/etc/local/mesh-firewall/13-supernode-rules b/files/etc/local/mesh-firewall/13-supernode-rules
index 00e0a1cd..99449126 100755
--- a/files/etc/local/mesh-firewall/13-supernode-rules
+++ b/files/etc/local/mesh-firewall/13-supernode-rules
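Review bot: The `break` kept inside the HNA loop right after `sn[hna.gateway] = true` still stops at the first 10.0.0.0/8 HNA, so `sn` never holds more than one gateway and the route loop that follows can only ever select that one supernode, not the closest by ETX as the new comment promises. Dropping the `break` line so that every supernode HNA is collected makes the ETX comparison meaningful. The comparison `route.etx < best.etx` assumes each entry from getOLSRRoutes carries a numeric etx; if that is not guaranteed, guard it with `route.etx and route.etx < best.etx`. A one-line comment on the sentinel would also help, e.g. `-- sentinel: any real route has a smaller etx`. The remainder of this script lies outside the hunk.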
@@ -36,6 +36,8 @@ SUPERNODE_ENABLE=$(/sbin/uci -q get aredn.@supernode[0].enable)
 
 if [ "${SUPERNODE_ENABLE}" = "1" ]; then
     nft insert rule ip fw4 input_dtdlink udp dport 53 accept comment \"dns access\" 2> /dev/null
-    nft insert rule ip fw4 input_dtdlink tcp dport 53 accept comment \"dns access\" > /dev/null
+    nft insert rule ip fw4 input_dtdlink tcp dport 53 accept comment \"dns access\" 2> /dev/null
+    nft insert rule ip fw4 input_vpn udp dport 53 accept comment \"dns access\" 2> /dev/null
+    nft insert rule ip fw4 input_vpn tcp dport 53 accept comment \"dns access\" 2> /dev/null
     ip route add blackhole 10.0.0.0/8 table 30
 fi
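Review bot: The new `input_vpn` rule lines (and the corrected `input_dtdlink tcp` line) discard stderr and never check the exit status of `nft insert`, so if the chain is absent or nft rejects the rule, the supernode silently ends up without DNS reachability on that path and nothing is logged. Keeping the quiet default while surfacing the failure is a small change per line, e.g. `... 2> /dev/null || logger -t supernode-rules "failed to add input_vpn udp/53 rule"`, applied to each of the four nft lines. Accepting port 53 on `input_vpn` exposes the resolver to every tunnel peer, which appears to be the intent here; a comment above the block such as `# supernode resolver must be reachable over DtD and tunnel links` would record that exposure for the next reader. The enclosing `if` closes at `fi` within the hunk.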