mirror of https://github.com/0xERR0R/blocky.git
Deployed ef8c008
to main with MkDocs 1.5.3 and mike 2.0.0
This commit is contained in:
parent
f0b3cafee2
commit
459dfe88bf
|
@ -421,18 +421,18 @@
|
|||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#blacklists" class="md-nav__link">
|
||||
<a href="#denylists" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
Blacklists
|
||||
Denylists
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#whitelists" class="md-nav__link">
|
||||
<a href="#allowlists" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
Whitelists
|
||||
Allowlists
|
||||
</span>
|
||||
</a>
|
||||
|
||||
|
@ -581,18 +581,18 @@
|
|||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#blacklists" class="md-nav__link">
|
||||
<a href="#denylists" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
Blacklists
|
||||
Denylists
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#whitelists" class="md-nav__link">
|
||||
<a href="#allowlists" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
Whitelists
|
||||
Allowlists
|
||||
</span>
|
||||
</a>
|
||||
|
||||
|
@ -737,7 +737,7 @@ INFO server: RUN NumGoroutine = 18
|
|||
automatically.</p>
|
||||
<h2 id="list-sources">List sources</h2>
|
||||
<p>Some links/ideas for lists:</p>
|
||||
<h3 id="blacklists">Blacklists</h3>
|
||||
<h3 id="denylists">Denylists</h3>
|
||||
<ul>
|
||||
<li><a href="https://github.com/StevenBlack/hosts">https://github.com/StevenBlack/hosts</a></li>
|
||||
<li><a href="https://github.com/nickspaargaren/no-google">https://github.com/nickspaargaren/no-google</a></li>
|
||||
|
@ -748,11 +748,11 @@ automatically.</p>
|
|||
</ul>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">Warning</p>
|
||||
<p>Use only blacklists from the sources you trust!</p>
|
||||
<p>Use only denylists from the sources you trust!</p>
|
||||
</div>
|
||||
<h3 id="whitelists">Whitelists</h3>
|
||||
<h3 id="allowlists">Allowlists</h3>
|
||||
<ul>
|
||||
<li><a href="https://github.com/anudeepND/whitelist">https://github.com/anudeepND/whitelist</a></li>
|
||||
<li><a href="https://github.com/anudeepND/allowlist">https://github.com/anudeepND/whitelist</a></li>
|
||||
</ul>
|
||||
<h2 id="list-of-public-dns-servers">List of public <abbr title="Domain Name System">DNS</abbr> servers</h2>
|
||||
<div class="admonition warning">
|
||||
|
@ -760,7 +760,7 @@ automatically.</p>
|
|||
<p><abbr title="Domain Name System">DNS</abbr> server provider has access to all your <abbr title="Domain Name System">DNS</abbr> queries (all visited domain names). Some <abbr title="Domain Name System">DNS</abbr> providers can use (tracking, analyzing, profiling etc.). It is recommended to use different <abbr title="Domain Name System">DNS</abbr> upstream servers in blocky to distribute your <abbr title="Domain Name System">DNS</abbr> queries over multiple providers.</p>
|
||||
<p>Please read the description before using the <abbr title="Domain Name System">DNS</abbr> server as upstream. Some of them provide already an ad-blocker, some
|
||||
filters other content. If you use external <abbr title="Domain Name System">DNS</abbr> server with included ad-blocker, you can't choose which domains should be
|
||||
blocked, and you can't use whitelisting.</p>
|
||||
blocked, and you can't use allowlisting.</p>
|
||||
</div>
|
||||
<p>This is only a small excerpt of all free available <abbr title="Domain Name System">DNS</abbr> servers and should only be understood as an idee.</p>
|
||||
<div class="admonition info">
|
||||
|
|
|
@ -8,10 +8,10 @@ info:
|
|||
|
||||
## Features
|
||||
|
||||
- **Blocking** - Blocking of DNS queries with external lists (Ad-block, malware) and whitelisting
|
||||
- **Blocking** - Blocking of DNS queries with external lists (Ad-block, malware) and allowlisting
|
||||
|
||||
- Definition of black and white lists per client group (Kids, Smart home devices, etc.)
|
||||
- Periodical reload of external black and white lists
|
||||
- Definition of allow/denylists per client group (Kids, Smart home devices, etc.)
|
||||
- Periodical reload of external allow/denylists
|
||||
- Regex support
|
||||
- Blocking of request domain, response CNAME (deep CNAME inspection) and response IP addresses (against IP lists)
|
||||
|
||||
|
|
|
@ -429,7 +429,7 @@
|
|||
"datasource": {
|
||||
"uid": "${DS_PROMETHEUS}"
|
||||
},
|
||||
"description": "Number of blacklist entries",
|
||||
"description": "Number of denylist entries",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"mappings": [
|
||||
|
@ -487,7 +487,7 @@
|
|||
"uid": "${DS_PROMETHEUS}"
|
||||
},
|
||||
"exemplar": true,
|
||||
"expr": "sum(blocky_blacklist_cache) / sum(up{job=~\"$job\"})",
|
||||
"expr": "sum(blocky_denylist_cache) / sum(up{job=~\"$job\"})",
|
||||
"format": "table",
|
||||
"instant": false,
|
||||
"interval": "",
|
||||
|
@ -495,7 +495,7 @@
|
|||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "Blacklist entries total",
|
||||
"title": "Denylist entries total",
|
||||
"transparent": true,
|
||||
"type": "stat"
|
||||
},
|
||||
|
@ -1683,7 +1683,7 @@
|
|||
"uid": "${DS_PROMETHEUS}"
|
||||
},
|
||||
"exemplar": false,
|
||||
"expr": "topk(1, blocky_blacklist_cache) by (group)",
|
||||
"expr": "topk(1, blocky_denylist_cache) by (group)",
|
||||
"format": "time_series",
|
||||
"instant": true,
|
||||
"interval": "",
|
||||
|
@ -1691,7 +1691,7 @@
|
|||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "Blacklist by group",
|
||||
"title": "Denylist by group",
|
||||
"transparent": true,
|
||||
"type": "piechart"
|
||||
},
|
||||
|
@ -1978,4 +1978,4 @@
|
|||
"uid": "JvOqE4gRk",
|
||||
"version": 1,
|
||||
"weekStart": ""
|
||||
}
|
||||
}
|
|
@ -243,7 +243,7 @@
|
|||
]
|
||||
}
|
||||
],
|
||||
"title": "Blocked by Blacklist",
|
||||
"title": "Blocked by Denylist",
|
||||
"type": "piechart"
|
||||
},
|
||||
{
|
||||
|
|
|
@ -243,7 +243,7 @@
|
|||
]
|
||||
}
|
||||
],
|
||||
"title": "Blocked by Blacklist",
|
||||
"title": "Blocked by Denylist",
|
||||
"type": "piechart"
|
||||
},
|
||||
{
|
||||
|
|
|
@ -62,10 +62,10 @@ conditional:
|
|||
fritz.box: 192.168.178.1
|
||||
lan.net: 192.168.178.1,192.168.178.2
|
||||
|
||||
# optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
|
||||
# optional: use allow/denylists to block queries (for example ads, trackers, adult pages etc.)
|
||||
blocking:
|
||||
# definition of blacklist groups. Can be external link (http/https) or local file
|
||||
blackLists:
|
||||
# definition of denylist groups. Can be external link (http/https) or local file
|
||||
denylists:
|
||||
ads:
|
||||
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
|
||||
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
|
||||
|
@ -77,14 +77,16 @@ blocking:
|
|||
*.example.com
|
||||
special:
|
||||
- https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
|
||||
# definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked
|
||||
whiteLists:
|
||||
# definition of allowlist groups.
|
||||
# Note: if the same group has both allow/denylists, allowlists take precedence. Meaning if a domain is both blocked and allowed, it will be allowed.
|
||||
# If a group has only allowlist entries, only domains from this list are allowed, and all others be blocked.
|
||||
allowlists:
|
||||
ads:
|
||||
- whitelist.txt
|
||||
- allowlist.txt
|
||||
- |
|
||||
# inline definition with YAML literal block scalar style
|
||||
# hosts format
|
||||
whitelistdomain.com
|
||||
allowlistdomain.com
|
||||
# this is a regex
|
||||
/^banners?[_.-]/
|
||||
# definition: which groups should be applied for which client
|
||||
|
@ -242,7 +244,7 @@ minTlsServeVersion: 1.3
|
|||
#certFile: server.crt
|
||||
#keyFile: server.key
|
||||
|
||||
# optional: use these DNS servers to resolve blacklist urls and upstream DNS servers. It is useful if no system DNS resolver is configured, and/or to encrypt the bootstrap queries.
|
||||
# optional: use these DNS servers to resolve denylist urls and upstream DNS servers. It is useful if no system DNS resolver is configured, and/or to encrypt the bootstrap queries.
|
||||
bootstrapDns:
|
||||
- tcp+udp:1.1.1.1
|
||||
- https://1.1.1.1/dns-query
|
||||
|
|
|
@ -475,23 +475,23 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#blocking-and-whitelisting" class="md-nav__link">
|
||||
<a href="#blocking-and-allowlisting" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
Blocking and whitelisting
|
||||
Blocking and allowlisting
|
||||
</span>
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Blocking and whitelisting">
|
||||
<nav class="md-nav" aria-label="Blocking and allowlisting">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#definition-black-and-whitelists" class="md-nav__link">
|
||||
<a href="#definition-allowdenylists" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
Definition black and whitelists
|
||||
Definition allow/denylists
|
||||
</span>
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Definition black and whitelists">
|
||||
<nav class="md-nav" aria-label="Definition allow/denylists">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -1053,23 +1053,23 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#blocking-and-whitelisting" class="md-nav__link">
|
||||
<a href="#blocking-and-allowlisting" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
Blocking and whitelisting
|
||||
Blocking and allowlisting
|
||||
</span>
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Blocking and whitelisting">
|
||||
<nav class="md-nav" aria-label="Blocking and allowlisting">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#definition-black-and-whitelists" class="md-nav__link">
|
||||
<a href="#definition-allowdenylists" class="md-nav__link">
|
||||
<span class="md-ellipsis">
|
||||
Definition black and whitelists
|
||||
Definition allow/denylists
|
||||
</span>
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Definition black and whitelists">
|
||||
<nav class="md-nav" aria-label="Definition allow/denylists">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -1403,10 +1403,10 @@ configuration properties as <a href="../config.yml">JSON</a>.</p>
|
|||
<span class="w"> </span><span class="nt">fritz.box</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">192.168.178.1</span>
|
||||
<span class="w"> </span><span class="nt">lan.net</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">192.168.178.1,192.168.178.2</span>
|
||||
|
||||
<span class="c1"># optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)</span>
|
||||
<span class="c1"># optional: use allow/denylists to block queries (for example ads, trackers, adult pages etc.)</span>
|
||||
<span class="nt">blocking</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="c1"># definition of blacklist groups. Can be external link (http/https) or local file</span>
|
||||
<span class="w"> </span><span class="nt">blackLists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="c1"># definition of denylist groups. Can be external link (http/https) or local file</span>
|
||||
<span class="w"> </span><span class="nt">denylists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">ads</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts</span>
|
||||
|
@ -1418,14 +1418,16 @@ configuration properties as <a href="../config.yml">JSON</a>.</p>
|
|||
<span class="w"> </span><span class="no">*.example.com</span>
|
||||
<span class="w"> </span><span class="nt">special</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts</span>
|
||||
<span class="w"> </span><span class="c1"># definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked</span>
|
||||
<span class="w"> </span><span class="nt">whiteLists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="c1"># definition of allowlist groups.</span>
|
||||
<span class="w"> </span><span class="c1"># Note: if the same group has both allow/denylists, allowlists take precedence. Meaning if a domain is both blocked and allowed, it will be allowed.</span>
|
||||
<span class="w"> </span><span class="c1"># If a group has only allowlist entries, only domains from this list are allowed, and all others be blocked.</span>
|
||||
<span class="w"> </span><span class="nt">allowlists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">ads</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">whitelist.txt</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">allowlist.txt</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="p p-Indicator">|</span>
|
||||
<span class="w"> </span><span class="no"># inline definition with YAML literal block scalar style</span>
|
||||
<span class="w"> </span><span class="no"># hosts format</span>
|
||||
<span class="w"> </span><span class="no">whitelistdomain.com</span>
|
||||
<span class="w"> </span><span class="no">allowlistdomain.com</span>
|
||||
<span class="w"> </span><span class="no"># this is a regex</span>
|
||||
<span class="w"> </span><span class="no">/^banners?[_.-]/</span>
|
||||
<span class="w"> </span><span class="c1"># definition: which groups should be applied for which client</span>
|
||||
|
@ -1583,7 +1585,7 @@ configuration properties as <a href="../config.yml">JSON</a>.</p>
|
|||
<span class="c1">#certFile: server.crt</span>
|
||||
<span class="c1">#keyFile: server.key</span>
|
||||
|
||||
<span class="c1"># optional: use these DNS servers to resolve blacklist urls and upstream DNS servers. It is useful if no system DNS resolver is configured, and/or to encrypt the bootstrap queries.</span>
|
||||
<span class="c1"># optional: use these DNS servers to resolve denylist urls and upstream DNS servers. It is useful if no system DNS resolver is configured, and/or to encrypt the bootstrap queries.</span>
|
||||
<span class="nt">bootstrapDns</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tcp+udp:1.1.1.1</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://1.1.1.1/dns-query</span>
|
||||
|
@ -2233,13 +2235,13 @@ contains a map of client name and multiple IP addresses.</p>
|
|||
</code></pre></div>
|
||||
<p>Use <code>192.168.178.1</code> for <abbr title="Reverse DNS">rDNS</abbr> lookup. Take second name if present, if not take first name. IP address <code>192.168.178.29</code> is mapped to <code>laptop</code> as client name.</p>
|
||||
</div>
|
||||
<h2 id="blocking-and-whitelisting">Blocking and whitelisting</h2>
|
||||
<h2 id="blocking-and-allowlisting">Blocking and allowlisting</h2>
|
||||
<p>Blocky can use lists of domains and IPs to block (e.g. advertisement, malware,
|
||||
trackers, adult sites). You can group several list sources together and define the blocking behavior per client.
|
||||
Blocking uses the <a href="https://en.wikipedia.org/wiki/DNS_sinkhole"><abbr title="Domain Name System">DNS</abbr> sinkhole</a> approach. For each <abbr title="Domain Name System">DNS</abbr> query, the domain name from
|
||||
the request, IP address from the response, and any <abbr title="Canonical Name">CNAME</abbr> records will be checked to determine whether to block the query or not.</p>
|
||||
<p>To avoid over-blocking, you can use whitelists.</p>
|
||||
<h3 id="definition-black-and-whitelists">Definition black and whitelists</h3>
|
||||
<p>To avoid over-blocking, you can use allowlists.</p>
|
||||
<h3 id="definition-allowdenylists">Definition allow/denylists</h3>
|
||||
<p>Lists are defined in groups. This allows using different sets of lists for different clients.</p>
|
||||
<p>Each list in a group is a "source" and can be downloaded, read from a file, or inlined in the config. See <a href="#sources">Sources</a> for details and configuring how those are loaded and reloaded/refreshed.</p>
|
||||
<p>The supported list formats are:</p>
|
||||
|
@ -2252,7 +2254,7 @@ the request, IP address from the response, and any <abbr title="Canonical Name">
|
|||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">blocking</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">blackLists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">denylists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">ads</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts</span>
|
||||
|
@ -2267,25 +2269,24 @@ the request, IP address from the response, and any <abbr title="Canonical Name">
|
|||
<span class="w"> </span><span class="no">/^banners?[_.-]/</span>
|
||||
<span class="w"> </span><span class="nt">special</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts</span>
|
||||
<span class="w"> </span><span class="nt">whiteLists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">allowlists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">ads</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">whitelist.txt</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">allowlist.txt</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/path/to/file.txt</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="p p-Indicator">|</span>
|
||||
<span class="w"> </span><span class="no"># inline definition with YAML literal block scalar style</span>
|
||||
<span class="w"> </span><span class="no">whitelistdomain.com</span>
|
||||
<span class="w"> </span><span class="no">allowlistdomain.com</span>
|
||||
</code></pre></div>
|
||||
<p>In this example you can see 2 groups: <strong>ads</strong> and <strong>special</strong> with one list. The <strong>ads</strong> group includes 2 inline lists.</p>
|
||||
</div>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">Warning</p>
|
||||
<p>If the same group has black and whitelists, whitelists will be used to disable particular blacklist entries.
|
||||
If a group has <strong>only</strong> whitelist entries -> this means only domains from this list are allowed, all other domains will
|
||||
be blocked.</p>
|
||||
<p>If the same group has <strong>both</strong> allow/denylists, allowlists take precedence. Meaning if a domain is both blocked and allowed, it will be allowed.
|
||||
If a group has <strong>only allowlist</strong> entries, only domains from this list are allowed, and all others be blocked.</p>
|
||||
</div>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">Warning</p>
|
||||
<p>You must also define client group mapping, otherwise you black and whitelist definition will have no effect.</p>
|
||||
<p>You must also define a client group mapping, otherwise the allow/denylist definitions will have no effect.</p>
|
||||
</div>
|
||||
<h4 id="wildcard-support">Wildcard support</h4>
|
||||
<p>You can use wildcards to block a domain and all its subdomains.
|
||||
|
@ -2929,7 +2930,7 @@ These settings apply only to the resolver under which they are nested.</p>
|
|||
<p class="admonition-title">Example</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">blocking</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">loading</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="c1"># only applies to white/blacklists</span>
|
||||
<span class="w"> </span><span class="c1"># only applies to allow/denylists</span>
|
||||
|
||||
<span class="nt">hostsFile</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">loading</span><span class="p">:</span>
|
||||
|
|
|
@ -489,10 +489,10 @@
|
|||
<h2 id="features">Features</h2>
|
||||
<ul>
|
||||
<li>
|
||||
<p><strong>Blocking</strong> - <img alt="⛔" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/26d4.svg" title=":no_entry:" /> Blocking of <abbr title="Domain Name System">DNS</abbr> queries with external lists (Ad-block, malware) and whitelisting</p>
|
||||
<p><strong>Blocking</strong> - <img alt="⛔" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/26d4.svg" title=":no_entry:" /> Blocking of <abbr title="Domain Name System">DNS</abbr> queries with external lists (Ad-block, malware) and allowlisting</p>
|
||||
<ul>
|
||||
<li>Definition of black and white lists per client group (Kids, Smart home devices, etc.)</li>
|
||||
<li>Periodical reload of external black and white lists</li>
|
||||
<li>Definition of allow/denylists per client group (Kids, Smart home devices, etc.)</li>
|
||||
<li>Periodical reload of external allow/denylists</li>
|
||||
<li>Regex support</li>
|
||||
<li>Blocking of request domain, response <abbr title="Canonical Name">CNAME</abbr> (deep <abbr title="Canonical Name">CNAME</abbr> inspection) and response IP addresses (against IP lists)</li>
|
||||
</ul>
|
||||
|
|
|
@ -889,7 +889,7 @@
|
|||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tcp-tls:fdns1.dismail.de:853</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://dns.digitale-gesellschaft.ch/dns-query</span>
|
||||
<span class="nt">blocking</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">blackLists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">denylists</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">ads</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts</span>
|
||||
<span class="w"> </span><span class="nt">clientGroupsBlock</span><span class="p">:</span>
|
||||
|
@ -944,8 +944,8 @@ Default value is <code>/app/config.yml</code>.</p>
|
|||
</code></pre></div>
|
||||
<h3 id="advanced-setup">Advanced setup</h3>
|
||||
<p>Following example shows, how to run blocky in a docker container and store query logs on a <abbr title="Server Message Block Protocol (Windows Network File System)">SAMBA</abbr> share. Local black and
|
||||
whitelists directories are mounted as volume. You can create own black or whitelists in these directories and define the
|
||||
path like '/app/whitelists/whitelist.txt' in the config file.</p>
|
||||
allowlists directories are mounted as volume. You can create own black or allowlists in these directories and define the
|
||||
path like '/app/allowlists/allowlist.txt' in the config file.</p>
|
||||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
</div>
|
||||
|
@ -966,9 +966,9 @@ path like '/app/whitelists/whitelist.txt' in the config file.</p>
|
|||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./config.yml:/app/config.yml</span>
|
||||
<span class="w"> </span><span class="c1"># write query logs in this volume</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">queryLogs:/logs</span>
|
||||
<span class="w"> </span><span class="c1"># put your custom white and blacklists in these directories</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./blacklists:/app/blacklists/</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./whitelists:/app/whitelists/</span>
|
||||
<span class="w"> </span><span class="c1"># put your custom allow/denylists in these directories</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./denylists:/app/denylists/</span>
|
||||
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">./allowlists:/app/allowlists/</span>
|
||||
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="w"> </span><span class="nt">queryLogs</span><span class="p">:</span>
|
||||
|
|
|
@ -496,10 +496,10 @@
|
|||
|
||||
<span class="w"> </span><span class="no">## Features</span>
|
||||
|
||||
<span class="w"> </span><span class="no">- **Blocking** - Blocking of DNS queries with external lists (Ad-block, malware) and whitelisting</span>
|
||||
<span class="w"> </span><span class="no">- **Blocking** - Blocking of DNS queries with external lists (Ad-block, malware) and allowlisting</span>
|
||||
|
||||
<span class="w"> </span><span class="no">- Definition of black and white lists per client group (Kids, Smart home devices, etc.)</span>
|
||||
<span class="w"> </span><span class="no">- Periodical reload of external black and white lists</span>
|
||||
<span class="w"> </span><span class="no">- Definition of allow/denylists per client group (Kids, Smart home devices, etc.)</span>
|
||||
<span class="w"> </span><span class="no">- Periodical reload of external allow/denylists</span>
|
||||
<span class="w"> </span><span class="no">- Regex support</span>
|
||||
<span class="w"> </span><span class="no">- Blocking of request domain, response CNAME (deep CNAME inspection) and response IP addresses (against IP lists)</span>
|
||||
|
||||
|
@ -747,7 +747,7 @@
|
|||
<li><code>./blocky blocking status</code> to print current status of blocking</li>
|
||||
<li><code>./blocky query <domain></code> execute <abbr title="Domain Name System">DNS</abbr> query (A) (simple replacement for dig, useful for debug purposes)</li>
|
||||
<li><code>./blocky query <domain> --type <queryType></code> execute <abbr title="Domain Name System">DNS</abbr> query with passed query type (A, AAAA, MX, ...)</li>
|
||||
<li><code>./blocky lists refresh</code> reloads all white and blacklists</li>
|
||||
<li><code>./blocky lists refresh</code> reloads all allow/denylists</li>
|
||||
</ul>
|
||||
<div class="admonition tip">
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
|
|
@ -598,8 +598,8 @@
|
|||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>blocky_blacklist_cache / blocky_whitelist_cache</td>
|
||||
<td>Number of entries in blacklist/whitelist cache, partitioned by group</td>
|
||||
<td>blocky_denylist_cache / blocky_allowlist_cache</td>
|
||||
<td>Number of entries in denylist/allowlist cache, partitioned by group</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>blocky_error_total</td>
|
||||
|
@ -645,7 +645,7 @@
|
|||
</table>
|
||||
<h3 id="grafana-dashboard">Grafana dashboard</h3>
|
||||
<p>Example <a href="https://grafana.com/">Grafana</a> dashboard
|
||||
definition <a href="https://github.com/0xERR0R/blocky/blob/main/docs/blocky-grafana.json">as JSON</a>
|
||||
definition <a href="../blocky-grafana.json">as JSON</a>
|
||||
or <a href="https://grafana.com/grafana/dashboards/13768">at grafana.com</a>
|
||||
<img alt="grafana-dashboard" src="../grafana-dashboard.png" />.</p>
|
||||
<p>This dashboard shows all relevant statistics and allows enabling and disabling the blocking status.</p>
|
||||
|
@ -658,12 +658,12 @@ in config or as env to use control buttons to enable/disable the blocking status
|
|||
blocky, prometheus (with configured scraper for blocky) and grafana with prometheus datasource.</p>
|
||||
<h2 id="mysql-mariadb">MySQL / MariaDB</h2>
|
||||
<p>If database query logging is activated (see <a href="../configuration/#query-logging">Query logging</a>), you can use following
|
||||
Grafana Dashboard <a href="https://github.com/0xERR0R/blocky/blob/main/docs/blocky-query-grafana.json">as JSON</a>
|
||||
Grafana Dashboard <a href="../blocky-query-grafana.json">as JSON</a>
|
||||
or <a href="https://grafana.com/grafana/dashboards/14980">at grafana.com</a></p>
|
||||
<p><img alt="grafana-dashboard" src="../grafana-query-dashboard.png" />.</p>
|
||||
<p>Please define the MySQL source in Grafana, which points to the database with blocky's log entries.</p>
|
||||
<h2 id="postgres">Postgres</h2>
|
||||
<p>The JSON for a Grafana dashboard equivalent to the MySQL/MariaDB version is located <a href="https://github.com/0xERR0R/blocky/blob/main/docs/blocky-query-grafana-postgres.json">here</a></p>
|
||||
<p>The JSON for a Grafana dashboard equivalent to the MySQL/MariaDB version is located <a href="../blocky-query-grafana-postgres.json">here</a></p>
|
||||
|
||||
|
||||
|
||||
|
|
File diff suppressed because one or more lines are too long
Binary file not shown.
Loading…
Reference in New Issue