Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (Get-Content -Raw 'dns_rules.json' | ConvertFrom-Json) | % {
- $queries = @()
- try {
- foreach ($hostname in $_.hostnames | Sort-Object -Unique) {
- $queries += Resolve-DnsName -Name $hostname -ErrorVariable +err
- }
- } catch {
- return
- }
- $rule = Get-NetFirewallRule -Name $_.rule
- if ( $rule.Description ) {
- Remove-NetRoute -DestinationPrefix ($rule.Description | ConvertFrom-Json) `
- -Confirm:$false `
- -ErrorAction SilentlyContinue
- $rule.Description = ''
- $rule | Set-NetFirewallRule
- }
- $rule | Get-NetFirewallAddressFilter `
- | Set-NetFirewallAddressFilter -RemoteAddress $queries.IPAddress
- if ( $_.route ) {
- $ipconfig = Get-NetIPConfiguration -InterfaceAlias $_.route.interface
- $tag = @()
- foreach ( $query in $queries ) {
- if ( $query.Type -eq 'AAAA' ) {
- $dest = "$($query.IPAddress)/128"
- $nexthop = $ipconfig.IPv6DefaultGateway.NextHop
- } else {
- $dest = "$($query.IPAddress)/32"
- $nexthop = $ipconfig.IPv4DefaultGateway.NextHop
- }
- $tag += $dest
- New-NetRoute -DestinationPrefix $dest `
- -InterfaceIndex $ipconfig.InterfaceIndex `
- -NextHop $nexthop `
- -PolicyStore ActiveStore `
- -RouteMetric 0 `
- -ErrorAction SilentlyContinue
- }
- $rule.Description = $tag | ConvertTo-Json -Compress
- $rule | Set-NetFirewallRule
- }
- }
- if ( $err ) {
- $err | Out-File 'dns_rules.log' -Append
- exit 1
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement