From bb7455f8de019c7646b32832ff3f8bc2b31e2105 Mon Sep 17 00:00:00 2001
From: Alexander Pankratov
Date: Thu, 26 Sep 2024 00:08:07 +0200
Subject: [PATCH] Update ferm

---
 rootfs/etc/ferm/ferm.conf | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/rootfs/etc/ferm/ferm.conf b/rootfs/etc/ferm/ferm.conf
index 20ea075..c70fd48 100644
--- a/rootfs/etc/ferm/ferm.conf
+++ b/rootfs/etc/ferm/ferm.conf
@@ -7,13 +7,13 @@
 # connmark 2 = ACCEPT
 
 domain (ip ip6) {
- table filter {
- chain (DOCKER DOCKER-INGRESS DOCKER-ISOLATION-STAGE-1 DOCKER-ISOLATION-STAGE-2 FORWARD) @preserve;
- }
+ table filter {
+ chain (DOCKER DOCKER-INGRESS DOCKER-ISOLATION-STAGE-1 DOCKER-ISOLATION-STAGE-2 FORWARD) @preserve;
+ }
 
- table nat {
- chain (DOCKER DOCKER_OUTPUT DOCKER_POSTROUTING DOCKER-INGRESS PREROUTING OUTPUT POSTROUTING) @preserve;
- }
+ table nat {
+ chain (DOCKER DOCKER_OUTPUT DOCKER_POSTROUTING DOCKER-INGRESS PREROUTING OUTPUT POSTROUTING) @preserve;
+ }
 }
 
 @include 'whitelist.conf';
@@ -59,7 +59,7 @@ table nat {
 saddr $VPNTCP_RANGE daddr $VPNTCP_DNS ACCEPT;
 saddr $DOCKER_RANGE daddr $DOCKER_DNS ACCEPT;
 
- daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;
+ daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;
 
 saddr ($VPNUDP_RANGE $VPNTCP_RANGE $DOCKER_RANGE) daddr ! $DNSMAP_RANGE CONNMARK set-mark 1;
 saddr ($VPNUDP_RANGE $VPNTCP_RANGE $DOCKER_RANGE) daddr $DNSMAP_RANGE jump dnsmap;
@@ -67,6 +67,11 @@ table nat {
 chain POSTROUTING {
 saddr ($VPNUDP_RANGE $VPNTCP_RANGE $DOCKER_RANGE) MASQUERADE;
 }
+ # localhost rules
+ chain OUTPUT {
+ daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;
+ }
+
 }
 
 # IPv6:
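Review bot: The new nat OUTPUT rule `daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;` carries no protocol or port match, so every locally-originated packet to those addresses, not only DNS queries, is redirected to this host on the same destination port. Unless the enclosing `table nat {` block, which starts outside the hunk, already narrows the match, `proto (tcp udp) dport 53 daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;` states the intent explicitly; the otherwise identical REDIRECT rule in the @@ -59 hunk of the same table (its chain header is also outside view) has the same shape. OUTPUT is additionally listed under `@preserve` for `table nat` at the top of the file; if ferm re-emits the preserved rules on each reload, this rule may be appended again every time, so it is worth inspecting the chain for duplicates after a second reload. The comment `# localhost rules` is vaguer than the chain semantics: nat OUTPUT matches locally-generated traffic, so something like `# nat OUTPUT: DNS traffic generated on this host is redirected to the local resolver (verify target)` would tell the next reader why the rule exists.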