sorz / moproxy

A transparent TCP to SOCKSv5/HTTP proxy on Linux written in Rust.
MIT License

setup blacklist and whitelist #13

Open AkramiPro opened 1 year ago

AkramiPro commented 1 year ago

I want all traffic to pass through a direct connection except some domains (like the Privoxy program). Example:

*               direct
*.test.com      proxy
*.test2.org     proxy
cdn.test2.org   direct

sorz commented 1 year ago

I'm doing this at the iptables/nftables level: let the DNS resolver add IP addresses to an ipset (or nft set), then match them on the firewall. I was using dnsmasq (w/ ipset feature) + iptables, then switched to an unbound + dnsnfset + nftables solution.

But this only works in transparent proxy mode, not with the SOCKS5 frontend, and it's way too complicated. I agree that the black/whitelist is a nice-to-have feature.
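A sketch of the dnsmasq + ipset + iptables variant described in the reply above, added here as an example and not taken from the thread or from the moproxy project. It only prints the configuration for the rule list in the issue; the set name `proxied`, listener port `2080` and the use of the `OUTPUT` chain are assumptions.

```shell
#!/bin/sh
# Added example: generates config text only, applies nothing (no root needed).
# Rule list copied from the example in the issue.
RULES='*             direct
*.test.com    proxy
*.test2.org   proxy
cdn.test2.org direct'

SET_NAME=proxied   # assumed ipset name
PROXY_PORT=2080    # assumed moproxy transparent listener port

# One dnsmasq "ipset=" line for every domain marked "proxy".
# dnsmasq matches a domain and all of its subdomains, so "*." is dropped.
gen_dnsmasq() {
    domains=$(printf '%s\n' "$RULES" |
        awk '$2 == "proxy" { sub(/^\*\./, "", $1); printf "/%s", $1 }')
    if [ -n "$domains" ]; then
        printf 'ipset=%s/%s\n' "$domains" "$SET_NAME"
    fi
}

# Commands that create the set and redirect matching destinations to the
# transparent listener; everything else keeps its direct route.
gen_firewall() {
    printf 'ipset create %s hash:ip\n' "$SET_NAME"
    printf 'iptables -t nat -A OUTPUT -p tcp -m set --match-set %s dst -j REDIRECT --to-ports %s\n' \
        "$SET_NAME" "$PROXY_PORT"
}

# "direct" hosts that sit under a proxied domain. The single ipset= line
# above still adds their addresses to the set, so they stay proxied.
shadowed_direct() {
    printf '%s\n' "$RULES" | awk '
        { sub(/^\*\./, "", $1) }
        $2 == "proxy"               { p[$1] = 1 }
        $2 == "direct" && $1 != "*" { d[$1] = 1 }
        END { for (h in d) for (s in p)
                  if (h == s || substr(h, length(h) - length(s)) == ("." s))
                      print h }'
}

gen_dnsmasq
gen_firewall
shadowed_direct | sed 's/^/# still proxied by the set: /'
```

Because the firewall matches on resolved IP addresses rather than names, any other hostname that shares an address with a proxied domain is redirected as well.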