[Dnsmasq-discuss] [PATCH v9] Connection track mark based DNS query filtering.

Feed Back stappers at stappers.nl
Mon Jun 21 19:39:44 UTC 2021


On Wed, Jun 16, 2021 at 09:56:17PM +0000, Etan Kissling wrote:
> This extends query filtering support beyond what is currently possible
> with the `--ipset` configuration option, by adding support for:
> 1) Specifying allowlists on a per-client basis, based on their
>    associated Linux connection track mark.
> 2) Dynamic configuration of allowlists via Ubus.
> 3) Reporting when a DNS query resolves or is rejected via Ubus.
> 4) DNS name patterns containing wildcards.
> 
> Disallowed queries are not forwarded; they are rejected
> with a REFUSED error code.
> 
> Signed-off-by: Etan Kissling <etan_kissling at apple.com>
> (addressed reviewer feedback)
> Signed-off-by: Etan Kissling <etan.kissling at gmail.com>

It became commit 627056febbf1b


Thanks
A community member



More information about the Dnsmasq-discuss mailing list