-
-
Notifications
You must be signed in to change notification settings - Fork 510
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regular expressions with domain lists #866
Comments
Hi @dissona , Set LogLevel to DEBUG under Preferences -> Nodes, and filter the log from a terminal like this: That way you'll see what regular expression is matching a domain. Post it here so we can debug it. If you're using a generic domains list (only domains, without regexps) with a rule type of regular expressions, then yes, it'll consider for example "mozilla.org" as ".*mozilla.org" |
looks like it matches anything, if there is no expression given How can i fix the mybase list with this syntax? I tried the hosts format on the other setting but does not allow me to use regex or have an easy way to block all subdomains from this massive list |
in a list of regular expressions every entry is compiled as regexp, so for example "mozilla.org" will match in this case: "ozilla.org" is an entry of your list, so it's matching "*ozilla.org" -> addons.mozilla.org, www.mozilla.org, etc. I downloaded
I'd start reviewing that suspicious entry "ozilla.org" and deleting it. Then if you want to filter all the subdomains of that list, I'd convert the domains to regular expressions: (which means: given a domain xyz.net, filter xyz.net or any subdomain of *.xyz.net) playground: https://go.dev/play/p/JzQCeNH4OH1 |
its on line 449213
Thankyou, this seemed to have worked but its taking so long to resolve DNS requests my internet is unusable with the list enabled |
if you're using Deny for that rule, change it to Reject. |
no difference, I also tried changing process monitor method from ebpf to proc and it still takes 30~ seconds to resolve dns requests on firefox my log has these errors if thats any help
|
oops, you're right. hmm, after loading this list with regexps, the daemon is using 100% of the CPU. For now this is a limitation, regexp lists will only work with small lists of regexps |
ok thankyou, I will use hosts format instead it says in https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters#filter-patterns maybe whatever code they are using for domain/subdomains wildcards can be implemented into opensnitch? |
In principle those filters are just regular expressions, they should work fine with opensnitch. I've been using this list since I added regexp lists: https://github.com/mmotti/pihole-regex/blob/master/regex.list There're some more info on reddit: Maybe we could maintain a list of regexps. |
wiki updated to reflect all this: https://github.com/evilsocket/opensnitch/wiki/block-lists#lists-of-domains-with-regular-expressions |
closing as this is a limitation right now, that would require a lot of work for little benefit. But I've tagged it just in case some day or someone wants to fix it. |
Manjaro KDE 5.26.5
Kernel 5.15.93-1-MANJARO
opensnitch 1.5.7
I am using rule:
list of domains/IPs > To this list of domains (regular expressions)
I have mybase list (7.7MiB) from https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Public-blocklist
Issue:
it blocks sites that are not on the list for example mozilla.org and addons.mozilla.org
What i have tried:
Removing all lines with * or #, so its just a list of domains
Removing all lines with mozilla
Im not sure what the issue is, but it could be that the regular expressions used by opensnitch are to broad?
The text was updated successfully, but these errors were encountered: