Loading filters into opensnitch #298
Comments
Your link has DNS blacklist and Content Filter Lists for HTML.
An adblocker doesn't usually block all traffic, just the browser. You mean use my own DNS server?
It's DNS blocking. Your link is from the https://adguard.com/ project. Both you can install on your own server, for example, a cheap Raspberry Pi.
I have a dedicated Linux VPS. And I've been reading up on the different DNS servers available. Bind is the known good one for Linux, but I don't think it supports all the encryption stuff. Also I'm looking into CoreDNS, Adguard. dnscrypt-proxy encrypted all of my DNS even though my system doesn't support DoH yet. It has great filtering, and the logging that can be turned on makes it easy to see what needs to be allowed and denied. I'm probably going to still need the dnscrypt-proxy to connect to my own server instead of publicly available servers because my system doesn't support DoH yet. But for filtering, it has some presets, and it's very good, DNS with wildcards and IP blocking both.
Use local unbound, adguard, gustavo-iniguez-goya/opensnitch, whatever you want to achieve. Please close this issue, it's not an opensnitch-related problem.
I've been thinking lately about allowing lists of suspicious/malware/ads IPs to be loaded. I think we could use lists like these ones: https://iplists.firehol.org/ But instead of creating new app rules (which would penalize performance a lot), we would have a section in the Rules tab, and the lists would be loaded into the kernel directly.
I'm testing this feature, using lists from https://firebog.net/ (hosts format):
some logs while running:
Pros:
Cons:
I think this approach is much better than creating app rules with the ads script of the repository. Would it be useful?
Yes, it is useful, for example to block ads from Spotify. Presently, I do it with some rules prefixed by 000-deny-, but it could definitely be useful to do it with a list.
Initial support to filter connections using lists of domains.

The lists must be in hosts format:
- 0.0.0.0 www.domain.com
- 127.0.0.1 www.domain.com

From the rules editor, create a new rule, and select
[x] To this lists of domains
Select a directory with files in hosts format, select [x] Priority rule, select [x] Deny and click on Apply.

An example of a list in hosts format: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt

Note: you can also add a list of domains to allow, not only domains to block.

TODOs:
- support for URLs besides directories (local lists).
- support for scheduled updates of the above URLs.

related #298
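The hosts format named in the commit message above, as an added example that is not part of the thread and not opensnitch's own code: a Go parser that turns a hosts-format list into a set of domains and checks a name against it. The function names, the sample entries and the exact-match lookup are assumptions made for illustration; the thread does not say how opensnitch matches names internally.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// sampleList is constructed sample input in hosts format, not a real blocklist.
const sampleList = `# constructed sample
0.0.0.0 ads.example.com
127.0.0.1 Tracker.Example.net  # inline comment
127.0.0.1 localhost
not-a-hosts-line
`

// parseHostsList keeps lines of the form "0.0.0.0 domain" or "127.0.0.1 domain"
// and returns the listed domains, lowercased. Everything else is ignored.
func parseHostsList(r io.Reader) (map[string]struct{}, error) {
	domains := make(map[string]struct{})
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := sc.Text()
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i] // drop full-line and trailing comments
		}
		fields := strings.Fields(line)
		if len(fields) < 2 || (fields[0] != "0.0.0.0" && fields[0] != "127.0.0.1") {
			continue
		}
		host := strings.ToLower(strings.TrimSuffix(fields[1], "."))
		if host == "" || host == "localhost" { // loopback entry common in hosts files
			continue
		}
		domains[host] = struct{}{}
	}
	return domains, sc.Err()
}

// listed reports whether host is an exact entry in the set (assumed semantics).
func listed(domains map[string]struct{}, host string) bool {
	_, ok := domains[strings.ToLower(strings.TrimSuffix(host, "."))]
	return ok
}

func main() {
	set, _ := parseHostsList(strings.NewReader(sampleList)) // a string reader cannot fail
	fmt.Println(len(set), listed(set, "ADS.example.com"), listed(set, "example.com"))
}
```

Because the lookup is exact, a list entry for `ads.example.com` does not cover `example.com` or other subdomains; each name has to appear in the list.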
Feature added, you can read more about it here: basically create a new rule as described in the commit, create a directory where you want, and drop a list there:
You can combine these lists with other fields, for example to limit a program to connect only to a certain list of domains. If you can build it from sources and test it, that would be useful. Also, if you test it and have any extension to block ads using chrome/ium (uBlock Origin or others), I'd be interested to know if you see requests being blocked by opensnitch that in theory should be blocked by those extensions...
All the instructions on how to use it have been added to the wiki: https://github.com/evilsocket/opensnitch/wiki/block-lists
How can I load these filters into opensnitch?
https://github.com/AdguardTeam/AdguardFilters