internal/router: emit error if dnsfilter is enabled on Ubios/EdgeOS

internal/router/edgeos.go

@@ -37,6 +37,14 @@ func cleanupEdgeOS() error {
 }
 
 func postInstallEdgeOS() error {
+	// If "Content Filtering" is enabled, UniFi OS will create firewall rules to intercept all DNS queries
+	// from outside, and route those queries to separated interfaces (e.g: dnsfilter-2@if79) created by UniFi OS.
+	// Thus, those queries will never reach ctrld listener. UniFi OS does not provide any mechanism to toggle this
+	// feature via command line, so there's nothing ctrld can do to disable this feature. For now, reporting an
+	// error and guiding users to disable the feature using UniFi OS web UI.
+	if contentFilteringEnabled() {
+		return errContentFilteringEnabled
+	}
 	return nil
 }
 

internal/router/ubios.go

@@ -2,12 +2,17 @@ package router
 
 import (
 	"bytes"
+	"fmt"
 	"os"
 	"strconv"
 )
 
+var errContentFilteringEnabled = fmt.Errorf(`the "Content Filtering" feature" is enabled, which is conflicted with ctrld.\n
+To disable it, folowing instruction here: %s`, toggleContentFilteringLink)
+
 const (
-	ubiosDNSMasqConfigPath = "/run/dnsmasq.conf.d/zzzctrld.conf"
+	ubiosDNSMasqConfigPath     = "/run/dnsmasq.conf.d/zzzctrld.conf"
+	toggleContentFilteringLink = "https://community.ui.com/questions/UDM-Pro-disable-enable-DNS-filtering/e2cc4060-e56a-4139-b200-62d7f773ff8f"
 )
 
 func setupUbiOS() error {
@@ -39,6 +44,10 @@ func cleanupUbiOS() error {
 }
 
 func postInstallUbiOS() error {
+	// See comment in postInstallEdgeOS.
+	if contentFilteringEnabled() {
+		return errContentFilteringEnabled
+	}
 	return nil
 }
 
@@ -57,3 +66,8 @@ func ubiosRestartDNSMasq() error {
 	}
 	return proc.Kill()
 }
+
+func contentFilteringEnabled() bool {
+	st, err := os.Stat("/run/dnsfilter/dnsfilter")
+	return err == nil && !st.IsDir()
+}