github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Let decision reasons decide on the DNS reply

Browse Source
This commit is contained in:
Patrick Pacher
2020-04-30 13:44:10 +02:00
parent f89d0672b3
commit 2dda3813fa
7 changed files with 173 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
firewall/bypassing.go
View File

@@ -3,17 +3,18 @@ package firewall
import (
"strings"
"github.com/safing/portmaster/nameserver/nsutil"
"github.com/safing/portmaster/network"
"github.com/safing/portmaster/profile/endpoints"
)
// PreventBypassing checks if the connection should be denied or permitted
// based on some bypass protection checks.
func PreventBypassing(conn *network.Connection) (endpoints.EPResult, string) {
func PreventBypassing(conn *network.Connection) (endpoints.EPResult, string, nsutil.Responder) {
// Block firefox canary domain to disable DoH
if strings.ToLower(conn.Entity.Domain) == "use-application-dns.net." {
return endpoints.Denied, "blocked canary domain to prevent enabling DNS-over-HTTPs"
return endpoints.Denied, "blocked canary domain to prevent enabling DNS-over-HTTPs", nsutil.NxDomain()
}
return endpoints.NoMatch, ""
return endpoints.NoMatch, "", nil
}