Comments (10)
I do not quite understand what I want to get in the end?
In version 1.7, this is most likely not done, but in the "2. +" branch, it probably makes sense to add a comparison for the domain name.
iptables .... -m ndpi --https --http-host .google.com ...
from ndpi.
@vel21ripn I am not talking about https but plain http(1.x) such as:
iptables .... -m ndpi --http --http-host .google.com ...
iptables .... -m ndpi --http --http-host .google.com ...
iptables .... -m ndpi --http --http-host test..google.com ...
Which basically will make admins' lives easier in general when handling a strict http/https access policy without going to the depth of a full http proxy installation.
It will also make iptables more modular than it is now.
The dream would be to be able to send something like the src ip and the current destination domain to some local in-RAM filtering DB, and the response would decide if the connection is allowed or not, but it's a dream and requires someone to put some cash on it.
From what I remember suricata-ids has such a feature, but it was so complex for me to install and configure that I left it and continued to work with a custom tproxy.
from ndpi.
I solved common problems with migration to dev-2.3, now I can try to add this functionality.
from ndpi.
I think the best functionality for this feature is 'sets', like:
# create set
iptables -t mangle -A POSTROUTING -m ndpi --http-domain --set name0 -j DROP
iptables -t mangle -A PREROUTING -m ndpi --http-domain --set name0 -j DROP
# add domain
echo +google.com > /proc/net/ndpi_http_domain/name0
# delete domain
echo -google.com > /proc/net/ndpi_http_domain/name0
# add multiple domain
echo +google.com,google.co.jp > /proc/net/ndpi_http_domain/name0
This is just a copy-paste - this functionality was already implemented in aabc/ipt-ratelimit.
from ndpi.
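A sketch of the set semantics discussed in the comments above, as an added example that is not nDPI code and not the proposed `/proc` interface itself: it parses the `+a,b` / `-a` command strings and matches hostnames case-insensitively on label boundaries, so an entry `google.com` covers `www.google.com` but not `notgoogle.com`. The names `domain_set`, `set_apply` and `set_match` are hypothetical, and the linear array stands in for whatever search structure a real implementation would use.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_DOMAINS 64
#define MAX_NAME 254            /* longest DNS name plus NUL */
struct domain_set { char name[MAX_DOMAINS][MAX_NAME]; int count; };
/* Lower-cased copy of src[0..len); returns 0 if empty or too long. */
static int normalize(const char *src, size_t len, char *dst) {
    if (len == 0 || len >= MAX_NAME) return 0;
    for (size_t i = 0; i < len; i++) dst[i] = (char)tolower((unsigned char)src[i]);
    dst[len] = '\0';
    return 1;
}
static int set_find(const struct domain_set *s, const char *d) {
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->name[i], d) == 0) return i;
    return -1;
}
/* Apply "+a.com,b.com" or "-a.com"; returns entries changed, -1 on bad op. */
int set_apply(struct domain_set *s, const char *cmd) {
    char op = *cmd, d[MAX_NAME];
    int changed = 0; size_t len;
    if (op != '+' && op != '-') return -1;
    for (cmd++; *cmd; cmd += len + (cmd[len] != '\0')) {
        len = strcspn(cmd, ",\n");              /* one comma-separated entry */
        int i = normalize(cmd, len, d) ? set_find(s, d) : -2;
        if (op == '+' && i == -1 && s->count < MAX_DOMAINS) {
            strcpy(s->name[s->count++], d); changed++;
        } else if (op == '-' && i >= 0) {       /* move last entry into the hole */
            memmove(s->name[i], s->name[--s->count], MAX_NAME); changed++;
        }
    }
    return changed;
}
/* Match host if it equals an entry or ends in "." + entry (label boundary). */
int set_match(const struct domain_set *s, const char *host) {
    char h[MAX_NAME];
    size_t len = strlen(host);
    if (len && host[len - 1] == '.') len--;     /* trailing root dot: same name */
    if (!normalize(host, len, h)) return 0;
    for (const char *p = h; p; p = strchr(p, '.'), p = p ? p + 1 : NULL)
        if (set_find(s, p) >= 0) return 1;      /* try each label-aligned suffix */
    return 0;
}
int main(void) {
    static struct domain_set s;                 /* constructed sample data */
    set_apply(&s, "+google.com,google.co.jp\n");
    printf("%d %d\n", set_match(&s, "WWW.Google.com"), set_match(&s, "notgoogle.com"));
}
```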
@k0ste No! In "nDPI" there is a comparison for domains. You need to add the ability to override it without recompiling. It works with the ssl, http and dns protocols.
from ndpi.
Why this:
# Big list in mangle
iptables -t mangle -A PREROUTING -m ndpi --domain --match google.com -j DROP
iptables -t mangle -A PREROUTING -m ndpi --domain --match google.cz -j DROP
iptables -t mangle -A PREROUTING -m ndpi --domain --match google.cn -j DROP
Better than this:
# one rule
iptables -t mangle -A PREROUTING -m ndpi --domain --set name0 -j DROP
# one management set
echo +google.com,google.cz,google.cn > /proc/net/ndpi_http_domain/name0
The case: I need to filter 3 different clients:
- first client has 500 domains in list;
- 2nd: 3500 domains;
- 3rd: 1000 domains.
All domains are different.
from ndpi.
All this is already in nDPI. You need to add an interface to load the list of domains.
from ndpi.
See 16d3ab3
I haven't tested a long list of domain names.
Theoretically, the list of hosts can be changed during work, but I have not tried to do so yet. Rebuilding the search tree is a rather lengthy task.
from ndpi.
I changed the procedure for loading hostnames. Theoretically, there are no restrictions on the number of host names. Updates take place atomically.
from ndpi.
Commit 0b5ec1e fixed a critical error.
from ndpi.