Fix capturing of local DNS servers

Regression was introduced in #337 that is skipping all local traffic, including DNS. This change makes UDP port 53 (DNS) LOCAL traffic to be treated as special case. Fixes #357
author: Nick Sokolov <nsokolov@google.com> 2019-09-13 11:37:20 -0700
committer: Brian May <brian@linuxpenguins.xyz> 2019-09-22 10:37:49 +1000
commit: a7193f508a8f315a134e6ded831f19a9518101e3 (patch)
tree: 43bf0515a9cd89278040d94aa997c13212438856 /sshuttle
parent: 7ebff926378abcf3eaf824b692c5356b2e13b18e (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/sshuttle/methods/nat.py b/sshuttle/methods/nat.py
index 912555d..3435240 100644
--- a/sshuttle/methods/nat.py
+++ b/sshuttle/methods/nat.py
@@ -54,7 +54,13 @@ class Method(BaseMethod):
         # tunnelling the traffic designated to all local TCP/IP addresses.
         _ipt('-A', chain, '-j', 'RETURN',
              '-m', 'addrtype',
-             '--dst-type', 'LOCAL')
+             '--dst-type', 'LOCAL',
+             '!', '-p', 'udp')
+        # Skip LOCAL traffic if it's not DNS.
+        _ipt('-A', chain, '-j', 'RETURN',
+             '-m', 'addrtype',
+             '--dst-type', 'LOCAL',
+             '-p', 'udp', '!', '--dport', '53')
 
         # create new subnet entries.
         for _, swidth, sexclude, snet, fport, lport \
author	Nick Sokolov <nsokolov@google.com>	2019-09-13 11:37:20 -0700
committer	Brian May <brian@linuxpenguins.xyz>	2019-09-22 10:37:49 +1000
commit	a7193f508a8f315a134e6ded831f19a9518101e3 (patch)
tree	43bf0515a9cd89278040d94aa997c13212438856 /sshuttle
parent	7ebff926378abcf3eaf824b692c5356b2e13b18e (diff)