v055: Domain blocks are always enforced at L4 #992

Closed
ignoramous opened this issue Aug 18, 2023 · 1 comment

Collaborator

ignoramous commented Aug 18, 2023

Custom domain blocks (without corresponding Trust (allow) rules), instead of being grounded by DNS (with 0.0.0.0 or ::), are blocked by the L4 firewall.

This is a regression and highly undesirable behaviour as L4 blocks are more expensive (resource-wise) than DNS blocks.

This bug is reproducible regardless of what the DNS upstream is (Rethink, Quad9, Cloudflare, Google etc.).

rules DNS:

[Screenshot]

L4:

[Screenshot]

ignoramous added the bug (Something isn't working) label Aug 18, 2023
ignoramous added this to the v056 milestone Aug 18, 2023
ignoramous added the P0 (Priority: 0, urgent and important) label Aug 18, 2023
hussainmohd-a added a commit to hussainmohd-a/rethink-app that referenced this issue Aug 21, 2023
if the domain is blocked by global rule and is not available
in any of the trusted rules (app-wise or global) then block
the domain in dns flow instead of L4.

celzero#992
@hussainmohd-a
Collaborator

Fixed: 8946634
