1 ## Created a module to support the ipset that could add the domain's ip to a list easily.
4 * In my case, I can't access the facebook, twitter, youtube and thousands web site for some reason. VPN is a solution. But the internet too slow whether all traffics pass through the vpn.
5 So, I set up a transparent proxy to proxy the traffic which has been blocked only.
6 At the final step, I need to install a dns service which would work with ipset well to launch the system.
7 I did some research for this. Unfortunately, Unbound, My favorite dns service doesn't support ipset yet. So, I decided to implement it by my self and contribute the patch. It's good for me and the community.
12 local-zone: "facebook.com" ipset
13 local-zone: "twitter.com" ipset
14 local-zone: "instagram.com" ipset
22 iptables -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800
23 iptables -A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800
26 * This patch could work with iptables rules to batch block the IPs.
31 local-zone: "facebook.com" ipset
32 local-zone: "twitter.com" ipset
33 local-zone: "instagram.com" ipset
42 iptables -A INPUT -m set --set blacklist src -j DROP
43 ip6tables -A INPUT -m set --set blacklist6 src -j DROP
47 * To enable this module the root privileges is required.
48 * Please create a set with ipset command first. eg. **ipset -N blacklist iphash**
52 ./configure --enable-ipset
61 local-zone: "example.com" ipset