apernet / OpenGFW

OpenGFW is a flexible, easy-to-use, open source implementation of GFW (Great Firewall of China) on Linux
https://gfw.dev/
Mozilla Public License 2.0

feat: dns lookup function #123

Closed tobyxdd closed 7 months ago

tobyxdd commented 7 months ago

Example of detecting proxy protocols that use "SNI spoofing" (such as Xray Reality):

```yaml
- name: SNI mismatch
  action: block
  log: true
  expr: tls?.req?.sni != nil && ip.dst not in concat(lookup(tls.req.sni, "1.1.1.1:53"), lookup(tls.req.sni, "8.8.8.8:53"))
```
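The comparison that the rule above expresses, written out as an added example (not OpenGFW's code and not part of the original comment) with the case where no resolver answers kept apart from a real mismatch. `Verdict`, `LookupFunc`, `CheckSNI`, `sampleLookup` and the DNS records are hypothetical names and constructed data; the injected lookup function stands in for the rule's `lookup(host, server)` so the block runs offline.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Verdict is three-valued so a failed lookup is not reported as a mismatch.
type Verdict string
const Match, Mismatch, Unknown Verdict = "match", "mismatch", "unknown"

// LookupFunc is a hypothetical stand-in for the rule's lookup(host, server).
type LookupFunc func(host, server string) ([]netip.Addr, error)

// CheckSNI: dst must appear in the union of the resolvers' answers for sni.
func CheckSNI(sni string, dst netip.Addr, servers []string, lookup LookupFunc) Verdict {
	if sni == "" {
		return Unknown // no SNI in the ClientHello, nothing to compare
	}
	answered := false
	for _, server := range servers {
		addrs, err := lookup(sni, server)
		if err != nil || len(addrs) == 0 {
			continue // this resolver gave nothing usable; try the next one
		}
		answered = true
		for _, a := range addrs {
			if a.Unmap() == dst.Unmap() { // ::ffff:a.b.c.d equals a.b.c.d
				return Match
			}
		}
	}
	if !answered {
		return Unknown // an empty answer set would otherwise flag every flow
	}
	return Mismatch
}

// Constructed sample data: one record per resolver, documentation ranges.
var sampleServers = []string{"1.1.1.1:53", "8.8.8.8:53"}
var sampleDNS = map[string]netip.Addr{"1.1.1.1:53": netip.MustParseAddr("192.0.2.10"), "8.8.8.8:53": netip.MustParseAddr("192.0.2.12")}
func sampleLookup(host, server string) ([]netip.Addr, error) {
	if a, ok := sampleDNS[server]; ok && host == "www.example.com" {
		return []netip.Addr{a}, nil
	}
	return nil, fmt.Errorf("no answer for %q from %s", host, server)
}
func main() {
	fmt.Println(CheckSNI("www.example.com", netip.MustParseAddr("198.51.100.7"), sampleServers, sampleLookup))
}
```

A `Mismatch` here is a signal rather than proof: names served from CDNs or geo-aware DNS can legitimately resolve to addresses that neither queried resolver returned.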