## Created a module to support ipset, so that a domain's IPs can be added to a set easily.

### Purposes:
* In my case, I can't access Facebook, Twitter, YouTube and thousands of other web sites for some reason. A VPN is a solution, but the internet is too slow if all traffic passes through the VPN. So, I set up a transparent proxy that proxies only the traffic that has been blocked. At the final step, I need to install a DNS service that works well with ipset to launch the system. I did some research on this. Unfortunately, Unbound, my favorite DNS service, doesn't support ipset yet. So, I decided to implement it myself and contribute the patch. It's good for me and for the community.
```
# unbound.conf
server:
    ...
    local-zone: "facebook.com" ipset
    local-zone: "twitter.com" ipset
    local-zone: "instagram.com" ipset
    # ... more social websites

ipset:
    name-v4: "gfwlist"
```
```
# iptables (REDIRECT is a nat-table target, so the rules go into the nat table)
iptables -t nat -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800
iptables -t nat -A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800
```

* This patch can also work with iptables rules to block the resolved IPs in bulk.
```
# unbound.conf
server:
    ...
    local-zone: "facebook.com" ipset
    local-zone: "twitter.com" ipset
    local-zone: "instagram.com" ipset
    # ... more social websites

ipset:
    name-v4: "blacklist"
    name-v6: "blacklist6"
```
```
# iptables
iptables -A INPUT -m set --match-set blacklist src -j DROP
ip6tables -A INPUT -m set --match-set blacklist6 src -j DROP
```

### Notes:
* Root privileges are required to enable this module.
* Please create the set with the ipset command first, e.g. **ipset -N blacklist iphash**

### How to use:
```
./configure --enable-ipset
make && make install
```

### Configuration:
```
# unbound.conf
server:
    ...
    local-zone: "example.com" ipset

ipset:
    name-v4: "blacklist"
```
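As an added example (not part of this patch or of Unbound), a small Python helper that reads the `local-zone ... ipset` entries and the `name-v4`/`name-v6` set names from a config like the ones above and emits the `ipset create` commands and iptables rules that must exist before unbound starts filling the sets. The `hash:ip` set type and the embedded sample config are assumptions; a config with only `name-v4` yields no IPv6 commands.

```python
"""Derive the ipset/iptables setup from an unbound.conf that uses the ipset module."""
import re

# Constructed sample config mirroring the blacklist example above.
SAMPLE_CONF = """\
server:
    local-zone: "facebook.com" ipset
    local-zone: "twitter.com" ipset
    local-zone: "example.org" static

ipset:
    name-v4: "blacklist"
    name-v6: "blacklist6"
"""

# Only zones of type "ipset" feed the sets; other local-zone types are ignored.
LOCAL_ZONE = re.compile(r'^\s*local-zone:\s*"([^"]+)"\s+ipset\s*$', re.M)
SET_NAME = re.compile(r'^\s*name-v(4|6):\s*"([^"]+)"\s*$', re.M)


def parse_ipset_conf(text):
    """Return (ipset zones, {4: v4 set name, 6: v6 set name}) from unbound.conf text."""
    zones = LOCAL_ZONE.findall(text)
    names = {int(v): n for v, n in SET_NAME.findall(text)}
    return zones, names


def setup_commands(text, chain="INPUT", match="src", target="DROP"):
    """Shell commands creating the sets unbound fills and the rules that consume them."""
    zones, names = parse_ipset_conf(text)
    if not zones or not names:
        raise ValueError("config declares no ipset zones or no ipset set names")
    cmds = []
    for family, tool, fam_opt in ((4, "iptables", "inet"), (6, "ip6tables", "inet6")):
        name = names.get(family)
        if name is None:
            continue  # e.g. no name-v6: only A records are collected, no v6 rule needed
        # hash:ip is assumed here; the set must exist before unbound adds entries.
        cmds.append(f"ipset -exist create {name} hash:ip family {fam_opt}")
        cmds.append(f"{tool} -A {chain} -m set --match-set {name} {match} -j {target}")
    return cmds


if __name__ == "__main__":
    print("\n".join(setup_commands(SAMPLE_CONF)))
```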