github/portmaster
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Block DNS requests if bypass prevention is active

Browse Source
This commit is contained in:
Daniel
2022-04-15 13:06:13 +02:00
parent 29bfa9fd91
commit f5afe8b5df
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
firewall/bypassing.go
View File

@@ -43,8 +43,12 @@ func PreventBypassing(ctx context.Context, conn *network.Connection) (endpoints.
return endpoints.NoMatch, "", nil return endpoints.NoMatch, "", nil
} }
// Block bypass attempts using an encrypted DNS server. // Block bypass attempts using an (encrypted) DNS server.
switch { switch {
case conn.Entity.Port == 53:
return endpoints.Denied,
"blocked DNS query, manual dns setup required",
nsutil.BlockIP()
case conn.Entity.Port == 853: case conn.Entity.Port == 853:
// Block connections to port 853 - DNS over TLS. // Block connections to port 853 - DNS over TLS.
fallthrough fallthrough