From 726a25a7ea3a7663cafdd5cdf0e5900e5ec8b73e Mon Sep 17 00:00:00 2001
From: Cuong Manh Le <cuong@windscribe.com>
Date: Fri, 2 Jun 2023 15:45:01 +0000
Subject: [PATCH] internal/router: emit error if dnsfilter is enabled on
 Ubios/EdgeOS

---
 internal/router/edgeos.go |  8 ++++++++
 internal/router/ubios.go  | 16 +++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/internal/router/edgeos.go b/internal/router/edgeos.go
index 4a8e57e..ccdb164 100644
--- a/internal/router/edgeos.go
+++ b/internal/router/edgeos.go
@@ -37,6 +37,14 @@ func cleanupEdgeOS() error {
 }
 
 func postInstallEdgeOS() error {
+	// If "Content Filtering" is enabled, UniFi OS will create firewall rules to intercept all DNS queries
+	// from outside, and route those queries to separated interfaces (e.g: dnsfilter-2@if79) created by UniFi OS.
+	// Thus, those queries will never reach ctrld listener. UniFi OS does not provide any mechanism to toggle this
+	// feature via command line, so there's nothing ctrld can do to disable this feature. For now, reporting an
+	// error and guiding users to disable the feature using UniFi OS web UI.
+	if contentFilteringEnabled() {
+		return errContentFilteringEnabled
+	}
 	return nil
 }
 
diff --git a/internal/router/ubios.go b/internal/router/ubios.go
index 8be261f..48e5d41 100644
--- a/internal/router/ubios.go
+++ b/internal/router/ubios.go
@@ -2,12 +2,17 @@ package router
 
 import (
 	"bytes"
+	"fmt"
 	"os"
 	"strconv"
 )
 
+var errContentFilteringEnabled = fmt.Errorf(`the "Content Filtering" feature" is enabled, which is conflicted with ctrld.\n
+To disable it, folowing instruction here: %s`, toggleContentFilteringLink)
+
 const (
-	ubiosDNSMasqConfigPath = "/run/dnsmasq.conf.d/zzzctrld.conf"
+	ubiosDNSMasqConfigPath     = "/run/dnsmasq.conf.d/zzzctrld.conf"
+	toggleContentFilteringLink = "https://community.ui.com/questions/UDM-Pro-disable-enable-DNS-filtering/e2cc4060-e56a-4139-b200-62d7f773ff8f"
 )
 
 func setupUbiOS() error {
@@ -39,6 +44,10 @@ func cleanupUbiOS() error {
 }
 
 func postInstallUbiOS() error {
+	// See comment in postInstallEdgeOS.
+	if contentFilteringEnabled() {
+		return errContentFilteringEnabled
+	}
 	return nil
 }
 
@@ -57,3 +66,8 @@ func ubiosRestartDNSMasq() error {
 	}
 	return proc.Kill()
 }
+
+func contentFilteringEnabled() bool {
+	st, err := os.Stat("/run/dnsfilter/dnsfilter")
+	return err == nil && !st.IsDir()
+}