Add blacklist and whitelist logic.

2025-08-19 04:59:25 -07:00 · 2024-10-12 21:47:02 +02:00 · 2024-10-12 21:47:02 +02:00 · 40f3906115
commit 40f3906115
parent 27d245625c
3 changed files with 61 additions and 39 deletions
--- a/modules/dns_proxy/dns_proxy.go
+++ b/modules/dns_proxy/dns_proxy.go
@ -113,10 +113,10 @@ func NewDnsProxy(s *session.Session) *DnsProxy {
 		"Address to bind the DNS proxy to."))

 	mod.AddParam(session.NewStringParameter("dns.proxy.blacklist", "", "",
-		"Comma separated list of hostnames to skip while proxying (wildcard expressions can be used)."))
+		"Comma separated list of client IPs to skip while proxying."))

 	mod.AddParam(session.NewStringParameter("dns.proxy.whitelist", "", "",
-		"Comma separated list of hostnames to proxy if the blacklist is used (wildcard expressions can be used)."))
+		"Comma separated list of client IPs to proxy if the blacklist is used."))

 	mod.AddParam(session.NewStringParameter("dns.proxy.nameserver",
 		"1.1.1.1",
--- a/modules/dns_proxy/dns_proxy_base.go
+++ b/modules/dns_proxy/dns_proxy_base.go
@ -41,6 +41,24 @@ type DNSProxy struct {
 	tag        string
 }

+func (p *DNSProxy) shouldProxy(clientIP string) bool {
+	// check if this client is in the whitelist
+	for _, ip := range p.Whitelist {
+		if clientIP == ip {
+			return true
+		}
+	}
+
+	// check if this client is in the blacklist
+	for _, ip := range p.Blacklist {
+		if clientIP == ip {
+			return false
+		}
+	}
+
+	return true
+}
+
 func (p *DNSProxy) Configure(address string, dnsPort int, doRedirect bool, nameserver string, netProtocol string, proxyPort int, scriptPath string, certFile string, keyFile string) error {
 	var err error

--- a/modules/dns_proxy/dns_proxy_base_filters.go
+++ b/modules/dns_proxy/dns_proxy_base_filters.go
@ -59,6 +59,7 @@ func (p *DNSProxy) logResponseAction(m *dns.Msg, clientIP string) {
 }

 func (p *DNSProxy) onRequestFilter(query *dns.Msg, clientIP string) (req, res *dns.Msg) {
+	if p.shouldProxy(clientIP) {
 		p.Debug("< %s q[%s]",
 			clientIP,
 			strings.Join(questionsToStrings(query.Question), ","))
@ -81,11 +82,13 @@ func (p *DNSProxy) onRequestFilter(query *dns.Msg, clientIP string) (req, res *d
 			p.logResponseAction(res, clientIP)
 			return query, res
 		}
+	}

 	return query, nil
 }

 func (p *DNSProxy) onResponseFilter(req, res *dns.Msg, clientIP string) *dns.Msg {
+	if p.shouldProxy(clientIP) {
 		// sometimes it happens ¯\_(ツ)_/¯
 		if res == nil {
 			return nil
@ -108,6 +111,7 @@ func (p *DNSProxy) onResponseFilter(req, res *dns.Msg, clientIP string) *dns.Msg
 				return res
 			}
 		}
+	}

 	return res
 }