malwarefilter.lua
--[[
Example of opt-in filtering. Reads a list of IPs that want filtering and a list
of known malware domains from two different files. The queries for the malware
domains always skip the packet cache so non-filtered clients don't get the
domains into the cache.
This could also be implemented with gettag() at the cost of doing Lua for each
inbound packet, as far as I understand it.
]]
--- Report whether a path can be opened for reading.
-- The probe handle is closed again straight away; only the outcome of the
-- open attempt is kept.
-- @param file path to probe
-- @return true if io.open succeeded, false otherwise
local function fileExists(file)
  local handle = io.open(file, "rb")
  if handle == nil then
    return false
  end
  handle:close()
  return true
end
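--- Load a list file into the given set, one entry per line.
-- Surrounding whitespace (including the CR of CRLF files) is stripped and
-- blank lines are skipped. Each entry is added under pcall so that one
-- malformed line is logged and skipped instead of raising out of the script
-- and leaving the whole filter unloaded.
-- The file is opened once and read through that handle, so it cannot vanish
-- between an existence check and the read.
-- NOTE(review): a missing or unreadable file only produces a warning and
-- leaves `list` untouched; with an empty list the filter presumably matches
-- nothing (fail-open), so monitor for this warning if filtering is relied on.
-- @param filename path of the list file
-- @param list object exposing :add(entry); this script passes newCAS()/newDS()
local function loadFile(filename, list)
  local handle = io.open(filename, "r")
  if not handle then
    pdnslog("Lua script: could not open file " .. filename, pdns.loglevels.Warning)
    return
  end

  local lineno, rejected = 0, 0
  for line in handle:lines() do
    lineno = lineno + 1
    -- trim so "1.2.3.4\r" or " example.com " does not become a bogus entry
    local entry = line:match("^%s*(.-)%s*$")
    if entry ~= "" then
      -- assumes the container reports a bad entry as a Lua error — TODO confirm
      local ok, err = pcall(list.add, list, entry)
      if not ok then
        rejected = rejected + 1
        pdnslog("Lua script: " .. filename .. " line " .. lineno ..
          " rejected: " .. tostring(err), pdns.loglevels.Warning)
      end
    end
  end
  handle:close()

  if rejected > 0 then
    pdnslog("Lua script: " .. filename .. " had " .. rejected ..
      " rejected line(s)", pdns.loglevels.Warning)
  end
  pdnslog("Lua script: " .. filename .. " successfully loaded", pdns.loglevels.Notice)
end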
--- Hook run before resolving starts.
-- Reads the globals filterdomains, filterips and filterlist_metric, which
-- the top-level statements of this script assign.
-- NOTE(review): no rcode or answer record is set before returning true, so
-- the opted-in client receives whatever dq's defaults produce — confirm that
-- this is the intended block response.
-- @param dq query object; qname and remoteaddr are read, variable is written
-- @return true when the query is on the filter list and comes from an
--         opted-in client, false otherwise (do not rewrite the response)
function preresolve(dq)
  -- names that are not on the filter list are left completely alone
  if not filterdomains:check(dq.qname) then
    return false
  end

  -- listed name: skip the packet cache for every client, so an answer given
  -- to one client is never replayed to a client with a different opt-in state
  dq.variable = true

  -- clients that did not opt in get normal resolution
  if not filterips:check(dq.remoteaddr) then
    return false
  end

  filterlist_metric:inc()
  return true
end
-- The three names below are deliberately global: preresolve() looks them up
-- as globals on every query.
-- The two list files decide who is filtered and what is withheld, so they
-- should be writable only by the resolver's administrators.

-- Customer IPs that opted in to malware filtering.
filterips = newCAS()
loadFile("/etc/powerdns/filter-ips.list", filterips)

-- Known malware domains.
filterdomains = newDS()
loadFile("/etc/powerdns/filter-domains.list", filterdomains)

-- Counter incremented by preresolve() for every filtered query.
filterlist_metric = getMetric("filterlist_hits")