[Dnsmasq-discuss] ipset-dns: Integrate Netfilter IPSet Support

sven falempin sven.falempin at gmail.com
Fri Feb 15 21:42:28 GMT 2013


On Fri, Feb 15, 2013 at 3:14 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:

> Hi Simon,
>
> On Fri, Feb 15, 2013 at 3:05 PM, Simon Kelley <simon at thekelleys.org.uk>
> wrote:
> > It looks like the extra code is quite small, so I'd certainly consider
> > it.
>
> Wonderful! I've extracted heavy lifting code into a separate file
> (attached as ipset.c), and licensed it under the same license as
> dnsmasq so that you can just copy and paste. Given that the
> server=/.../ matching already exists and that the difficult netlink
> part has already been written, adding this to dnsmasq should be very
> trivial.
>
> > Do you take account of the time-to-live of DNS records, or are
> > ipsets create-only?
>
> IPs can be both added and removed to and from ipsets. Ipset itself
> doesn't have a built-in TTL mechanism, but it would be trivial to just
> remove IPs from the ipset at the same time dnsmasq purges its cache.
> This isn't always the desired behavior, however -- if I have connected
> to an IP address that was added to an ipset via its DNS lookup, I
> don't want it to be removed from the ipset while I'm still connected
> to it, even if the DNS TTL is up. In any case, I've added a "remove"
> argument to the ipset function so that you can easily add this
> functionality behind a switch.
>
> Looking forward! Thanks Simon.
>
> Jason
>
Previously I proposed a patch to filter out some domains.
I understand filtering should be done by iptables, but only if you think
Linux.

Is it possible to use a version of this code to filter some domains out
and/or to allow just a subset of domains?


-- 
---------------------------------------------------------------------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\