Support IP accept list

2019-06-15 11:57:05 +08:00
parent 9a067e99c7
commit a09e63d333
7 changed files with 56 additions and 19 deletions
--- a/etc/smartdns/smartdns.conf
+++ b/etc/smartdns/smartdns.conf
@@ -39,6 +39,9 @@ cache-size 512
 # List of IPs that will be ignored
 # ignore-ip [ip/subnet]

+# List of IPs that will be accepted
+# accept-ip [ip/subnet]
+
 # force AAAA query return SOA
 # force-AAAA-SOA [yes|no]

@@ -80,30 +83,31 @@ log-level info
 # audit-num 2

 # remote udp dns server list
-# server [IP]:[PORT] [-blacklist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
+# server [IP]:[PORT] [-blacklist-ip] [-accept-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
 # default port is 53
 #   -blacklist-ip: filter result with blacklist ip
+#   -accept-ip: accept ip result with accept-ip list
 #   -check-edns: result must exist edns RR, or discard result.
 #   -group [group]: set server to group, use with nameserver /domain/group.
 #   -exclude-default-group: exclude this server from default group.
 # server 8.8.8.8 -blacklist-ip -check-edns -group g1 -group g2

 # remote tcp dns server list
-# server-tcp [IP]:[PORT] [-blacklist-ip] [-group [group] ...] [-exclude-default-group]
+# server-tcp [IP]:[PORT] [-blacklist-ip] [-accept-ip] [-group [group] ...] [-exclude-default-group]
 # default port is 53
 # server-tcp 8.8.8.8

 # remote tls dns server list
-# server-tls [IP]:[PORT] [-blacklist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
+# server-tls [IP]:[PORT] [-blacklist-ip] [-accept-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
 #   -spki-pin: TLS spki pin to verify.
-# Get SKPI with this command:
+# Get SPKI with this command:
 #    echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
 # default port is 853
 # server-tls 8.8.8.8
 # server-tls 1.0.0.1

 # remote https dns server list
-# server-https https://[host]:[port]/path [-blacklist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
+# server-https https://[host]:[port]/path [-blacklist-ip] [-accept-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
 #   -spki-pin: TLS spki pin to verify.
 # default port is 443
 # server-https https://cloudflare-dns.com/dns-query
@@ -126,4 +130,3 @@ log-level info
 # ipset /domain/[ipset|-]
 # ipset /www.example.com/block, set ipset with ipset name of block 
 # ipset /www.example.com/-, ignore this domain
-