Merge pull request #188 from safing/feature/block-dns-servers-in-bypassing-check

Block DNS servers in the prevent-bypassing check
This commit is contained in:
Patrick Pacher 2020-11-05 10:04:24 +01:00 committed by GitHub
commit 2400a3b990
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 1 deletions


@ -8,6 +8,10 @@ import (
"github.com/safing/portmaster/profile/endpoints"
)
var (
resolverFilterLists = []string{"17-DNS"}
)
// PreventBypassing checks if the connection should be denied or permitted
// based on some bypass protection checks.
func PreventBypassing(conn *network.Connection) (endpoints.EPResult, string, nsutil.Responder) {
@ -18,5 +22,11 @@ func PreventBypassing(conn *network.Connection) (endpoints.EPResult, string, nsu
nsutil.NxDomain()
}
if conn.Entity.MatchLists(resolverFilterLists) {
return endpoints.Denied,
"blocked rogue connection to DNS resolver",
nsutil.ZeroIP()
}
return endpoints.NoMatch, "", nil
}
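Review bot: The new `resolverFilterLists` variable and the `MatchLists` check it drives carry no comment saying what list "17-DNS" is or why a match is denied; add `// resolverFilterLists holds the IDs of the filter lists whose entries are treated as public DNS resolvers; a connection matching one is denied so apps cannot bypass the local resolver.` above the var block. Because the decision is keyed on an external list, its effect depends entirely on that list's contents: if the host's own upstream resolvers appear on it, this branch would also deny legitimate resolver traffic unless such connections are exempted before PreventBypassing runs — that is not visible from the hunk, so worth confirming. Returning `nsutil.ZeroIP()` here while the earlier branch returns `nsutil.NxDomain()` looks deliberate, and a one-line comment on why a zero-IP answer is the right response for a blocked resolver would spare the next reader guessing. The body of PreventBypassing continues outside the second hunk.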


@ -481,7 +481,8 @@ Examples:
Key: CfgOptionPreventBypassingKey,
Description: `Prevent apps from bypassing the privacy filter.
Current Features:
- Disable Firefox' internal DNS-over-HTTPs resolver`,
- Disable Firefox' internal DNS-over-HTTPs resolver
- Block direct access to public DNS resolvers`,
OptType: config.OptTypeInt,
ExpertiseLevel: config.ExpertiseLevelUser,
ReleaseLevel: config.ReleaseLevelBeta,