[Dnsmasq-discuss] [PATCH] Connection track mark based DNS query filtering.
Geert Stappers
stappers at stappers.nl
Sun Oct 23 10:43:16 UTC 2022
On Sun, Oct 23, 2022 at 10:15:47AM +0200, Geert Stappers via Dnsmasq-discuss wrote:
> On Fri, Jan 22, 2021 at 09:34:53PM +0100, Etan Kissling wrote:
> > This extends query filtering support beyond what is currently possible
> > with the `--ipset` configuration option, by adding support for:
> > 1) Specifying allowlists on a per-client basis, based on their
> > associated Linux connection track mark.
> > 2) Dynamic configuration of allowlists via Ubus.
> > 3) Reporting when a DNS query resolves or is rejected via Ubus.
> > 4) DNS name patterns containing wildcards.
> >
> > Disallowed queries are not forwarded; they are rejected
> > with a REFUSED error code.
> >
> > Signed-off-by: Etan Kissling <etan_kissling at apple.com>
> > ---
> > Makefile | 2 +-
> > man/dnsmasq.8 | 31 +++-
> > src/dnsmasq.h | 25 +++-
> > src/forward.c | 123 +++++++++++++++-
> > src/option.c | 134 ++++++++++++++++++
> > src/pattern.c | 386 ++++++++++++++++++++++++++++++++++++++++++++++++++
> > src/rfc1035.c | 82 +++++++++++
> > src/ubus.c | 182 ++++++++++++++++++++++++
> > 8 files changed, 956 insertions(+), 9 deletions(-)
> > create mode 100644 src/pattern.c
>
>
> Found this while looking for another patch.
> Did see that no one did respond to the patch.
> I might be wrong about that due my archive my only point of view.
>
>
> What where other responses?
>
I'm asking especially the mailinglist because I got
<etan_kissling at apple.com>: host mx-in.g.apple.com[17.72.136.242] said: 550
5.1.6 recipient no longer on server: etan_kissling at apple.com (in reply to
RCPT TO command)
Groeten
Geert Stappers
--
Silence is hard to parse
More information about the Dnsmasq-discuss
mailing list