Dropping DNS Packets #42

Open
chirayu-patel opened this issue Oct 31, 2020 · 1 comment
@chirayu-patel

I understand that this project was created to intercept the HTTPS traffic using SNI.

But my requirement is to drop the packets right at the DNS level itself.

Something like:

```sh
iptables -t raw -I PREROUTING -p udp --dport 53 -m string --hex-string "${domain}" --algo bm -j DROP
```

Now for multiple domains, this would be very inefficient. I like the concept of hostset. Is it possible to use the same concept here to drop multiple domains? Maybe such a module already exists, but I am not aware of it.

Sorry if it's a foolish request, but I was just wondering.

@Lochnair
Owner

Certainly not a foolish request, but it's not something that can be done with xt_tls.

You'd need a similar module that implements parsing of the DNS protocol instead of TLS. Fully doable of course, but would take time to implement.
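
The DNS-side parsing such a module would need, shown in userspace C as an added example that is not part of this thread and is not xt_tls code: it decodes the query name from a UDP DNS payload and checks it against a host set. The function names, the `BLOCKED` entries and the sample packet are constructed for illustration; the suffix-match semantics and the accept-on-parse-failure policy are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>
/* Constructed sample: DNS query for "www.Example.com", type A, class IN. */
static const uint8_t SAMPLE_QUERY[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0,0, 0,0, 0,0,
    3,'w','w','w', 7,'E','x','a','m','p','l','e', 3,'c','o','m', 0,
    0x00,0x01, 0x00,0x01 };
static const char *const BLOCKED[] = { "example.com", "tracker.test" }; /* hypothetical set */

/* Decode the first question name of a UDP DNS query into dotted form.
 * Returns its length, or -1 for responses, malformed or truncated packets,
 * compression pointers and label bytes that would make the text ambiguous. */
int dns_qname(const uint8_t *p, size_t len, char *out, size_t outsz) {
    size_t i = 12, n = 0;                        /* fixed header is 12 bytes */
    if (len < 17 || outsz == 0) return -1;       /* header + root name + QTYPE/QCLASS */
    if ((p[2] & 0x80) || ((p[4] << 8) | p[5]) < 1) return -1; /* QR set or QDCOUNT 0 */
    for (;;) {
        if (i >= len) return -1;
        uint8_t l = p[i++];                      /* label length byte */
        if (l == 0) break;                       /* root label ends the name */
        if (l > 63 || i + l > len || n + l + 1 >= outsz) return -1;
        if (n) out[n++] = '.';
        for (uint8_t k = 0; k < l; k++) {
            uint8_t c = p[i++];
            if (c <= ' ' || c == '.' || c > '~') return -1;
            out[n++] = (char)c;
        }
    }
    if (i + 4 > len) return -1;                  /* QTYPE and QCLASS must follow */
    out[n] = '\0';
    return (int)n;
}

/* Case-insensitive suffix match on label boundaries: "example.com" in the
 * set covers "ads.example.com" but not "notexample.com". */
int host_in_set(const char *name, const char *const *set, size_t count) {
    size_t nl = strlen(name);
    for (size_t s = 0; s < count; s++) {
        size_t sl = strlen(set[s]);
        if (sl > nl || strcasecmp(name + nl - sl, set[s]) != 0) continue;
        if (sl == nl || name[nl - sl - 1] == '.') return 1;
    }
    return 0;
}

/* 1 = drop, 0 = accept; unparseable packets are accepted (a policy assumption). */
int dns_should_drop(const uint8_t *p, size_t len, const char *const *set, size_t count) {
    char name[256];
    return dns_qname(p, len, name, sizeof name) >= 0 && host_in_set(name, set, count);
}
```

On the wire the name is a sequence of length-prefixed labels, so the dotted text `www.example.com` never appears literally in the payload; decoding the name first is what lets one set entry cover every case variant and subdomain.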
