search

0xERR0R / blocky

Fast and lightweight DNS proxy as ad-blocker for local network with many features
https://0xERR0R.github.io/blocky/
Apache License 2.0
4.68k stars 208 forks source link

Conditional groups #1462

Open p3lim opened 5 months ago

p3lim commented 5 months ago

In both upstreams and blocking we can define rules ("groups") for which source hits which resolver/blocklist, but this is not a thing for conditional.

I would like to, as an example, not allow my guest network to resolve my internal authoritative server, only upstreams and/or blocking.

An example wishful configuration (not a direct proposal):

upstreams:
  groups:
    default:
      - 1.1.1.1
    192.168.0.0/24: # my guest network
      - 1.1.1.2
blocking:
  ...
  clientGroupsBlock:
    default:
      - ads
      - gambling
    192.168.0.0/24: # my guest network
      - ads
conditional:
  mapping:
    my.internal.domain: 10.0.0.5 # my internal authoritative dns
    exposed-service.my.internal.domain: 10.0.0.5 # specific service that guests can query
  clientGroups:
    default:
      - my.internal.domain
    192.168.0.0/24: # my guest network does not get to query my entire domain
      - exposed-service.my.internal.domain

In cases where you wouldn't want a client to reach any mappings it could be an empty list, e.g:

clientGroups:
  ...
  192.168.0.0/24: []

This should be optional, both for brievity in the config and for backwards compatibility.

github-actions[bot] commented 2 months ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.

bjw-s commented 2 months ago

Not stale