netblue30 / fdns

Firejail DNS-over-HTTPS Proxy Server
GNU General Public License v3.0

whitelist for domain names #35

Closed rusty-snake closed 4 years ago

rusty-snake commented 4 years ago

A whitelist of allowed domain names would be very nice for use with single firejail sandboxes.

Example:

$ sudo fdns --proxy-addr=127.1.2.3 --wh-dn=mozilla.org --wh-dn=gmail.com
$ firejail --dns=127.1.2.3 thunderbird

Maybe it is better to put the whitelist in a file.

startx2017 commented 4 years ago

Do you mean we should allow only the domains in the whitelist and drop all others? I would call it --whitelist:

--whitelist=domain
--whitelist-file=filename

rusty-snake commented 4 years ago

Yes, only whitelisted domain names are resolved.
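
An added example, not fdns code and not from any participant in this thread: one way to write the default-deny check described above in C. It assumes that a whitelist entry also permits its subdomains (the thread does not say how fdns matches names); `name_len`, `wl_match` and `wl_allowed` are hypothetical names, and the query names are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not fdns code: length of a name without one trailing root dot. */
static size_t name_len(const char *s) {
    size_t n = strlen(s);
    return (n > 0 && s[n - 1] == '.') ? n - 1 : n;
}

/* Return 1 if qname equals entry or is a subdomain of it (assumed semantics), else 0.
 * The comparison is case-insensitive and only matches on a label boundary. */
int wl_match(const char *qname, const char *entry) {
    size_t ql = name_len(qname), el = name_len(entry);
    if (el == 0 || ql < el)
        return 0;
    const char *tail = qname + (ql - el);
    for (size_t i = 0; i < el; i++)
        if (tolower((unsigned char)tail[i]) != tolower((unsigned char)entry[i]))
            return 0;
    /* Exact match, or the character before the matched suffix must be a dot. */
    return ql == el || tail[-1] == '.';
}

/* Default deny: a name is resolved only when some whitelist entry matches. */
int wl_allowed(const char *qname, const char *const *wl, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (wl_match(qname, wl[i]))
            return 1;
    return 0;
}

int main(void) {
    /* Whitelist entries from the example in the thread; query names are constructed. */
    const char *const wl[] = { "mozilla.org", "gmail.com" };
    const char *const q[] = { "mozilla.org", "Addons.Mozilla.ORG.", "imap.gmail.com",
                              "evilmozilla.org", "mozilla.org.example.net", "example.com" };
    for (size_t i = 0; i < sizeof q / sizeof q[0]; i++)
        printf("%-26s %s\n", q[i], wl_allowed(q[i], wl, 2) ? "resolve" : "drop");
    return 0;
}
```

Matching on a label boundary is what keeps `evilmozilla.org` and `mozilla.org.example.net` from passing an entry for `mozilla.org`, which a plain substring or suffix comparison would let through.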

startx2017 commented 4 years ago

--whitelist is done, I'll look into --whitelist-filename

netblue30 commented 4 years ago

I have enabled the code from @startx2017 - yes, it was an AppArmor problem, we were blacklisting the user file!