daxi20/smartdns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

config: add ip rule pages.

Browse Source
This commit is contained in:
Nick Peng
2023-03-26 12:00:43 +08:00
parent 149a52584e
commit bf4f66ae0f
4 changed files with 96 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
docs/config/ip-rule.md Normal file
View File

@@ -0,0 +1,47 @@
---
hide:
- toc
---
# IP规则
smartdns提供了IP地址黑白名单和忽略相关的结果。
|参数|功能|使用场景|
|---|---|---|
|whitelist-ip|白名单 IP 地址|接受在指定范围内的IP地址设置
|blacklist-ip|黑名单 IP 地址|接受在指定范围外的IP地址设置
|ignore-ip|忽略 IP 地址|不需要某个IP地址或IP地址段时设置。
|bogus-nxdomain|假冒 IP 地址过滤|请求结果包含对应IP地址时返回SOA
## 白名单IP地址
如果想对某个上游限制其返回的IP地址在白名单范围非白名单的地址全部丢弃则可以设置如下
```shell
server -whitelist-ip
whitelist-ip 192.168.1.1/24
```
## 黑名单IP地址
```shell
server -blacklist-ip
blacklist-ip 192.168.1.1/24
```
## 忽略IP地址
如果希望使用上游返回的某个IP地址可以配置忽略此IP。
```shell
ignore-ip 1.2.3.4
```
## 假冒IP地址
如果网站不存在时被ISP固定返回某个网段的IP地址的404页面则可以使用此参数比如电信的自定义404页面。则可以通过如下配置让客户端接受到SOA而不是被重定向的ISP的404页面。
```shell
bogus-nxdomain 1.2.3.4
```

47
en/docs/config/ip-rule.md Normal file
View File

@@ -0,0 +1,47 @@
---
hide:
- toc
---
# IP Rules
smartdns provides IP address whitelist, blacklist and ignore rules for filtering results.
| Parameter | Function | Usage |
| --- | --- | --- |
| whitelist-ip | Whitelist IP address | Accept IP addresses within a specified range |
| blacklist-ip | Blacklist IP address | Accept IP addresses outside a specified range |
| ignore-ip | Ignore IP address | Do not use a specific IP address, or range of IP addresses |
| bogus-nxdomain | Spoof IP address filtering | Return SOA when the requested result contains a specified IP address |
## Whitelist IP addresses
If you want to restrict the IP addresses returned by an upstream server within a whitelist range, and disregard non-whitelisted addresses, you can set the following:
```shell
server -whitelist-ip
whitelist-ip 192.168.1.1/24
```
## Blacklist IP addresses
```shell
server -blacklist-ip
blacklist-ip 192.168.1.1/24
```
## Ignore IP addresses
If you want to use a specific IP address returned by an upstream server, you can configure it to be ignored.
```shell
ignore-ip 1.2.3.4
```
## Spoof IP addresses
If the ISP returns a 404 page containing a specific IP address range when the website does not exist, such as China Telecom's custom 404 page, you can use this parameter to return an SOA to the client instead of the ISP's redirect 404 page.
```shell
bogus-nxdomain 1.2.3.4
```

1
en/mkdocs.yml
View File

@@ -94,6 +94,7 @@ nav:
- IPSet and NFTSet: 'config/ipset-nftset.md' - IPSet and NFTSet: 'config/ipset-nftset.md'
- Query through Proxy: 'config/proxy.md' - Query through Proxy: 'config/proxy.md'
- DNS64: 'config/dns64.md' - DNS64: 'config/dns64.md'
- IP Rule: 'config/ip-rule.md'
- Forwarding with IPSet: 'config/forwarding-with-ipset.md' - Forwarding with IPSet: 'config/forwarding-with-ipset.md'
- Configurations: 'configuration.md' - Configurations: 'configuration.md'
- Compile: 'compile.md' - Compile: 'compile.md'

1
mkdocs.yml
View File

@@ -94,6 +94,7 @@ nav:
- IPSet和NFTSet: 'config/ipset-nftset.md' - IPSet和NFTSet: 'config/ipset-nftset.md'
- 通过代理查询: 'config/proxy.md' - 通过代理查询: 'config/proxy.md'
- DNS64: 'config/dns64.md' - DNS64: 'config/dns64.md'
- IP规则: 'config/ip-rule.md'
- 白名单分流请求: 'config/forwarding-with-ipset.md' - 白名单分流请求: 'config/forwarding-with-ipset.md'
- 配置选项: 'configuration.md' - 配置选项: 'configuration.md'
- 编译: 'compile.md' - 编译: 'compile.md'