23 repositorios
Security mechanisms that intercept and block network requests by mapping domains to null addresses.
Distinguishing note: Specifically addresses DNS-level blocking at the operating system level.
Explore 23 awesome GitHub repositories matching security & cryptography · DNS Filtering. Refine with filters or upvote what's useful.
This project provides a system-wide content filtering utility that controls network traffic by redirecting domain resolution requests to local null addresses. By mapping unwanted hostnames to these addresses at the operating system level, it effectively blocks connections to advertising, tracking, and malicious domains across all applications on a machine. The core of the system is a data-driven build pipeline that aggregates multiple curated source lists into a single, unified configuration file. This process is highly customizable, allowing users to employ declarative filtering logic throug
Restricts internet access by mapping unwanted domains to a null address at the local operating system level.
This project is a comprehensive repository of curated domain blocklists designed for network-wide DNS filtering. It functions as a DNS sinkhole feed, providing the necessary data to intercept and block unwanted network requests at the resolution layer before they reach their destination. By returning null or loopback addresses for identified domains, it prevents connections to malicious infrastructure, advertising servers, and tracking endpoints across all devices on a network. The repository distinguishes itself through a tiered categorization logic that allows users to select protection lev
Implements network-wide DNS filtering to block advertisements, trackers, and malicious domains for all connected devices.
Gluetun is a Docker VPN client gateway that routes network traffic from other containers through secure WireGuard or OpenVPN tunnels. It serves as a network gateway to mask origin IP addresses and provides a firewall kill switch that blocks all outbound traffic unless it is destined for the active VPN server. The project supports multiple commercial VPN providers and can maintain several simultaneous connections using custom configuration files. It includes an integrated proxy server stack hosting SOCKS5, HTTP, and Shadowsocks servers to tunnel TCP and UDP traffic. Security is managed throug
Blocks malicious and advertising domains by matching DNS requests against updated blacklists.
dnscrypt-proxy is an anonymizing DNS proxy and encrypted DNS resolver. It acts as a local DNS forwarder that secures internet lookups by wrapping standard DNS queries in encrypted tunnels using the DNSCrypt and DNS-over-HTTPS protocols to prevent eavesdropping and tampering. The project provides network privacy protection by routing DNS requests through anonymized relays to obfuscate the client's original IP address. It further distinguishes itself through traffic management capabilities, such as mapping specific domains to designated resolvers and distributing queries across multiple servers
Blocks ads and malicious domains at the network level by mapping them to null addresses.
Portmaster is a host-based network firewall and privacy tool that monitors and controls all system network traffic. It operates by intercepting data packets at the operating system level, allowing it to observe and manage every connection made by local software in real time. The software distinguishes itself through process-aware connection mapping, which correlates active network sockets with specific local applications to provide visibility into data transfers. It utilizes a user-space policy engine to enforce granular security rules, enabling users to restrict internet access, block specif
Intercepts and filters DNS queries to prevent tracking, advertising, and malicious domain resolution at the OS level.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
Applies firewall rules to outbound DNS queries to block unauthorized domains and protect internal network traffic.
SmartDNS is a local recursive DNS resolver and server that manages granular query rules, dual-stack networking, and encrypted gateway proxying. It functions as a DNS traffic filter and DNS64 translator, allowing IPv6-only clients to communicate with IPv4 servers. The project distinguishes itself through parallel upstream querying, which sends requests to multiple servers simultaneously to return the response with the lowest network latency. It supports DNS server virtualization, enabling the operation of multiple independent server instances on different ports, each with its own configuration
Provides DNS-level filtering to block advertisements and malicious content via domain suffix matching.
This project provides a containerized DNS sinkhole and network-wide traffic filtering solution. It functions as a central network resolver that intercepts domain queries, allowing users to block advertisements, trackers, and malicious domains by returning null responses to connected devices. The platform distinguishes itself through its integrated DHCP server and comprehensive management capabilities, which allow for automated IP address allocation and granular control over network traffic. It supports complex filtering through regular expression matching, hierarchical rule prioritization, an
Rejects HTTPS and QUIC traffic at the network level to prevent advertisement assets from bypassing standard DNS filtering.
This project is an ad-blocking filter list and DNS blocklist collection designed to prevent advertisement and tracking servers from loading content across devices. It functions as a network-layer ad filter by providing a curated set of domain patterns and URLs that network components use to block known advertising and big data statistics domains. The collection focuses on privacy-focused domain filtering to stop the unauthorized collection of personal information and user tracking. It identifies and blocks domains associated with telemetry, analytics, and log collection to prevent the upload
Maintains and syncs curated lists of unwanted domains for use with network proxies and DNS servers.
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
Implements security mechanisms that intercept and block network requests via DNS filtering and domain lists.
ExternalDNS is a controller that automatically synchronizes Kubernetes resource states with external DNS providers. It monitors cluster resources such as services, ingresses, and gateway APIs to dynamically create and update DNS records, enabling automated service discovery and external traffic management. The project features a provider-agnostic interface that supports a wide array of cloud-managed vendors and on-premises providers, as well as an extension system for custom providers via webhooks and sidecars. It implements a reconciliation loop that uses resource annotations and custom reso
Restricts which services, pods, or nodes are watched using type, label, or annotation filters.
AdAway is an Android network firewall and DNS traffic filter that functions as a local VPN ad blocker. It intercepts network requests to prevent advertisements and tracking domains from reaching the device by filtering traffic against host lists. The project features a host file manager capable of importing and converting blocklists from external third-party providers. It includes a system for managing both blocked and allowed domains, allowing for the creation of custom rules to permit specific trusted sites or block individual domains. The tool provides granular traffic control through app
Intercepts network traffic via a local VPN to resolve blocked domains to null addresses.
This project is an adblock filter list aggregator and DNS blocklist generator. It merges multiple blocking rule sources into a single deduplicated set and processes these rules into formatted lists compatible with DNS servers, browser extensions, and network proxy tools. The system includes a domain resolvability validator that checks filter lists against global DNS services to remove unreachable or invalid domains. It also features a filter rule parser that extracts target domains and IP addresses from complex syntaxes while removing comments. The project covers rule aggregation, syntax-awa
Combines and validates multiple rule sources to create merged DNS blocklists excluding unresolvable domains.
Blocky is a stateless DNS proxy that functions as a network-wide ad-blocker and content filter. It operates as a single binary or Docker container with no database or persistent state, accepting DNS queries over UDP, TCP, HTTPS, TLS, QUIC, and HTTP/3 through a unified plugin-based query pipeline. The core of the system is a client-group policy engine that assigns devices to named groups and applies per-group blocklists, allowlists, and upstream resolvers, with all configuration changes applied through hot-reloading without requiring a restart. The project distinguishes itself through its modu
Blocks unwanted DNS queries by matching domains, CNAMEs, or IP addresses against external blocklists and allowlists.
dnsmasq-china-list es un generador de configuración y un conjunto de listas de filtrado y enrutamiento DNS. Convierte listas de dominios curadas en archivos de configuración para dnsmasq con el fin de optimizar la resolución de nombres regional y dirigir solicitudes de dominios específicos a servidores regionales. El proyecto se centra en reducir la latencia y evitar el secuestro de DNS para usuarios en China mediante el enrutamiento de tráfico a través de servidores regionales y la dirección de solicitudes a los nodos de red de entrega de contenido (CDN) más cercanos. También proporciona reglas para bloquear dominios maliciosos y publicidad devolviendo respuestas de fallo para evitar la inyección de red. El sistema gestiona configuraciones DNS eliminando entradas de subdominios redundantes y eliminando jerarquías de dominios superpuestas para optimizar el uso de memoria. Además, admite la prevención de fugas de DNS restringiendo dominios de proveedores no confiables y añadiendo servidores de nombres confiables a una lista blanca.
Provides security mechanisms that intercept and block requests to malicious and advertisement domains via DNS filtering.
Este proyecto es una interfaz de gestión de puntos de acceso inalámbricos para dispositivos Debian. Proporciona un controlador basado en web para gestionar puntos de acceso inalámbricos, repetidores inalámbricos, puertas de enlace VPN y filtros de bloqueo de anuncios DNS. El sistema incluye un framework de portal cautivo para interceptar el tráfico de red mediante páginas de bienvenida personalizables y un controlador VPN que admite WireGuard y OpenVPN con funcionalidad de kill-switch. Se diferencia además con un filtro de bloqueo de anuncios DNS que utiliza listas negras curadas y la capacidad de operar en múltiples modos de red, incluyendo punto de acceso puenteado y repetidor inalámbrico. La superficie de capacidades se extiende a la monitorización y diagnóstico de red, incluyendo seguimiento de ancho de banda en tiempo real y captura de paquetes. Cubre el control de acceso a la red mediante filtrado MAC y autenticación basada en roles, así como la gestión general de la red para DHCP, configuración de datos móviles y DNS dinámico. La pila de aplicaciones se entrega mediante un modelo de despliegue contenedorizado y admite el arranque a través de variables de entorno.
Records and displays blacklisted DNS requests to identify which hosts are being blocked.
Lists is a curated collection of DNS blocklists, a domain blocklist generator, and a categorized library of domains used for network content filtering. The project provides a command-line pipeline that aggregates upstream sources to build and validate blocklists used to redirect unwanted traffic to null addresses. The project distinguishes itself through a CLI-driven build pipeline that automates the fetching, validation, and daily regeneration of datasets. It organizes domains into discrete functional categories rather than a single monolithic list and exports them in multiple syntaxes, incl
Blocks unwanted domains at the network level by applying curated lists to a DNS resolver.
Este proyecto proporciona una colección de listas de bloqueo de dominios diseñadas para evitar que las peticiones de red lleguen a destinos específicos. Estas listas funcionan como bases de datos de direcciones web problemáticas y corporativas que pueden importarse en filtros de contenido, herramientas de seguridad de red y archivos hosts a nivel de sistema. Las listas se centran en bloquear dominios maliciosos conocidos y servicios web corporativos para controlar el acceso a la red. Estos conjuntos curados están organizados para filtrar sitios web dañinos y dominios propiedad de empresas en dispositivos o redes locales. El proyecto gestiona estas entradas mediante almacenamiento en archivos planos y distribución de activos estáticos, asegurando la compatibilidad con filtros DNS y la administración de archivos hosts.
Provides the underlying data needed for DNS filtering mechanisms to map unwanted domains to null addresses.
AdguardFilters is a collection of curated adblock filter lists, content blocking rulesets, and DNS blocklists. Its primary purpose is to provide the rules necessary to identify and remove advertisements, tracking scripts, and intrusive elements across web browsers and applications. The project includes specialized rules for cosmetic filtering to hide layout gaps and a malware domain database to block phishing and spyware destinations. It provides distinct filtering sets for different regions and purposes, such as social media blocking. The repository covers broad capability areas including m
Intercepts and blocks network requests by mapping advertising and tracking domains to null addresses.
NextDNS is a network DNS client and proxy that functions as a local resolver, forwarder, and DNS-over-HTTPS proxy. Its primary purpose is to route local name resolution requests to external providers using encrypted HTTPS traffic to improve privacy and bypass network restrictions. The service distinguishes itself by embedding client identity metadata—collected via mDNS or DHCP—into outgoing queries, allowing for per-device tracking and the application of unique filtering profiles. It features advanced routing logic, including split-horizon DNS for balancing public and private resolution, doma
Routes network requests through specific provider configurations to apply custom filtering and security rules.