From bf4f66ae0ff141a234702bae9e39a45ef98287bb Mon Sep 17 00:00:00 2001 From: Nick Peng Date: Sun, 26 Mar 2023 12:00:43 +0800 Subject: [PATCH] config: add ip rule pages. --- docs/config/ip-rule.md | 47 +++++++++++++++++++++++++++++++++++++++ en/docs/config/ip-rule.md | 47 +++++++++++++++++++++++++++++++++++++++ en/mkdocs.yml | 1 + mkdocs.yml | 1 + 4 files changed, 96 insertions(+) create mode 100644 docs/config/ip-rule.md create mode 100644 en/docs/config/ip-rule.md diff --git a/docs/config/ip-rule.md b/docs/config/ip-rule.md new file mode 100644 index 0000000..e8aaafc --- /dev/null +++ b/docs/config/ip-rule.md @@ -0,0 +1,47 @@ +--- +hide: + - toc +--- + +# IP规则 + +smartdns提供了IP地址黑白名单和忽略相关的结果。 + +|参数|功能|使用场景| +|---|---|---| +|whitelist-ip|白名单 IP 地址|接受在指定范围内的IP地址设置 +|blacklist-ip|黑名单 IP 地址|接受在指定范围外的IP地址设置 +|ignore-ip|忽略 IP 地址|不需要某个IP地址,或IP地址段时设置。 +|bogus-nxdomain|假冒 IP 地址过滤|请求结果包含对应IP地址时,返回SOA + +## 白名单IP地址 + +如果想对某个上游限制其返回的IP地址在白名单范围,非白名单的地址全部丢弃,则可以设置如下: + +```shell +server -whitelist-ip +whitelist-ip 192.168.1.1/24 +``` + +## 黑名单IP地址 + +```shell +server -blacklist-ip +blacklist-ip 192.168.1.1/24 +``` + +## 忽略IP地址 + +如果希望使用上游返回的某个IP地址,可以配置忽略此IP。 + +```shell +ignore-ip 1.2.3.4 +``` + +## 假冒IP地址 + +如果网站不存在时,被ISP固定返回某个网段的IP地址的404页面,则可以使用此参数;比如电信的自定义404页面。则可以通过如下配置,让客户端接受到SOA,而不是被重定向的ISP的404页面。 + +```shell +bogus-nxdomain 1.2.3.4 +``` diff --git a/en/docs/config/ip-rule.md b/en/docs/config/ip-rule.md new file mode 100644 index 0000000..b72be34 --- /dev/null +++ b/en/docs/config/ip-rule.md @@ -0,0 +1,47 @@ +--- +hide: + - toc +--- + +# IP Rules + +smartdns provides IP address whitelist, blacklist and ignore rules for filtering results. + +| Parameter | Function | Usage | +| --- | --- | --- | +| whitelist-ip | Whitelist IP address | Accept IP addresses within a specified range | +| blacklist-ip | Blacklist IP address | Accept IP addresses outside a specified range | +| ignore-ip | Ignore IP address | Do not use a specific IP address, or range of IP addresses | +| bogus-nxdomain | Spoof IP address filtering | Return SOA when the requested result contains a specified IP address | + +## Whitelist IP addresses + +If you want to restrict the IP addresses returned by an upstream server within a whitelist range, and disregard non-whitelisted addresses, you can set the following: + +```shell +server -whitelist-ip +whitelist-ip 192.168.1.1/24 +``` + +## Blacklist IP addresses + +```shell +server -blacklist-ip +blacklist-ip 192.168.1.1/24 +``` + +## Ignore IP addresses + +If you want to use a specific IP address returned by an upstream server, you can configure it to be ignored. + +```shell +ignore-ip 1.2.3.4 +``` + +## Spoof IP addresses + +If the ISP returns a 404 page containing a specific IP address range when the website does not exist, such as China Telecom's custom 404 page, you can use this parameter to return an SOA to the client instead of the ISP's redirect 404 page. + +```shell +bogus-nxdomain 1.2.3.4 +``` diff --git a/en/mkdocs.yml b/en/mkdocs.yml index 112c7ad..4389c66 100644 --- a/en/mkdocs.yml +++ b/en/mkdocs.yml @@ -94,6 +94,7 @@ nav: - IPSet and NFTSet: 'config/ipset-nftset.md' - Query through Proxy: 'config/proxy.md' - DNS64: 'config/dns64.md' + - IP Rule: 'config/ip-rule.md' - Forwarding with IPSet: 'config/forwarding-with-ipset.md' - Configurations: 'configuration.md' - Compile: 'compile.md' diff --git a/mkdocs.yml b/mkdocs.yml index 52a3c51..4b2eebe 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -94,6 +94,7 @@ nav: - IPSet和NFTSet: 'config/ipset-nftset.md' - 通过代理查询: 'config/proxy.md' - DNS64: 'config/dns64.md' + - IP规则: 'config/ip-rule.md' - 白名单分流请求: 'config/forwarding-with-ipset.md' - 配置选项: 'configuration.md' - 编译: 'compile.md'