[25.12] https-dns-proxy: update to 2026.03.18-1#29284
Open
stangri wants to merge 1 commit intoopenwrt:openwrt-25.12from
Open
[25.12] https-dns-proxy: update to 2026.03.18-1#29284stangri wants to merge 1 commit intoopenwrt:openwrt-25.12from
stangri wants to merge 1 commit intoopenwrt:openwrt-25.12from
Conversation
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, improve nftables rules
- Update PKG_VERSION to 2026.03.18.
- Set PKG_RELEASE to 1.
- Update PKG_SOURCE_VERSION to 801881210ba8215dc9cd577222d8c10372423360.
- Update PKG_MIRROR_HASH to 4c356c19b62fc7bdef3a67fd678e48f3659d709da10517c2eadef76e3409f5ce.
files/etc/init.d/https-dns-proxy:
- Wrap the notrack chain in its own `inet https_dns_proxy_notrack`
table. A top-level `chain` outside any table is invalid nftables
syntax and is rejected on kernel 6.18+, breaking firewall load.
Fixes mossdef-org/https-dns-proxy#7.
- Syntax-check the generated snippet with `nft -c -f` after write
and report OK/FAIL on the start path.
- On remove, explicitly `nft delete table` in addition to removing
the snippet file, so the live ruleset is cleaned up immediately
rather than waiting for the next fw4 reload.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 0d5f7a1)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, improve nftables rules
files/etc/init.d/https-dns-proxy:
inet https_dns_proxy_notracktable. A top-level
chainoutside any table is invalid nftablessyntax and is rejected on kernel 6.18+, breaking firewall load.
Fixes 20-https-dns-proxy-notrack.nft stops firewall execution in kernel 6.18 mossdef-org/https-dns-proxy#7.
nft -c -fafter writeand report OK/FAIL on the start path.
nft delete tablein addition to removingthe snippet file, so the live ruleset is cleaned up immediately
rather than waiting for the next fw4 reload.
Signed-off-by: Stan Grishin stangri@melmac.ca
(cherry picked from commit 0d5f7a1)