Block DNS requests if bypass prevention is active

Daniel 2022-04-15 13:06:13 +02:00
parent 29bfa9fd91
commit f5afe8b5df


@ -43,8 +43,12 @@ func PreventBypassing(ctx context.Context, conn *network.Connection) (endpoints.
return endpoints.NoMatch, "", nil return endpoints.NoMatch, "", nil
} }
// Block bypass attempts using an encrypted DNS server. // Block bypass attempts using an (encrypted) DNS server.
switch { switch {
case conn.Entity.Port == 53:
return endpoints.Denied,
"blocked DNS query, manual dns setup required",
nsutil.BlockIP()
case conn.Entity.Port == 853: case conn.Entity.Port == 853:
// Block connections to port 853 - DNS over TLS. // Block connections to port 853 - DNS over TLS.
fallthrough fallthrough