From 7e85083c3838c51881aa9de744922d60757a2f1b Mon Sep 17 00:00:00 2001 From: Mathieu Virbel Date: Wed, 11 Feb 2026 18:16:35 -0600 Subject: [PATCH] feat: default to GreyHaven proxy and DNS infrastructure Default proxy to socks5://localhost:42052 and DNS to localhost:42053 when neither CLI flags nor config file specify them. This makes greywall work out of the box with GreyHaven without requiring --proxy or --dns. Also show both proxy and DNS in debug output on manager initialization. --- cmd/greywall/main.go | 28 ++++++++++++++++------------ internal/sandbox/manager.go | 6 +++++- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/cmd/greywall/main.go b/cmd/greywall/main.go index b9b8bc4..8c47f6c 100644 --- a/cmd/greywall/main.go +++ b/cmd/greywall/main.go @@ -55,9 +55,9 @@ func main() { Long: `greywall is a command-line tool that runs commands in a sandboxed environment with network and filesystem restrictions. -By default, all network access is blocked. Use --proxy to route traffic through -an external SOCKS5 proxy, or configure a proxy URL in your settings file at -~/.config/greywall/greywall.json (or ~/Library/Application Support/greywall/greywall.json on macOS). +By default, traffic is routed through the GreyHaven SOCKS5 proxy at localhost:42051 +with DNS via localhost:42053. Use --proxy and --dns to override, or configure in +your settings file at ~/.config/greywall/greywall.json (or ~/Library/Application Support/greywall/greywall.json on macOS). On Linux, greywall uses tun2socks for truly transparent proxying: all TCP/UDP traffic from any binary is captured at the kernel level via a TUN device and forwarded 
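Review bot: The rewritten help text in the `Long` string gives the default proxy as `localhost:42051`, while the commit message, the `--proxy` flag description and the default assigned in runCommand all use `socks5://localhost:42052`. Someone who follows the help text would check or firewall the wrong port, so assuming 42052 is the intended value the line should read `By default, traffic is routed through the GreyHaven SOCKS5 proxy at localhost:42052`. The text also drops the statement that all network access is blocked by default without saying how that mode is now selected, which matters because it was the sandbox's security default. The `Long` string starts and ends outside the hunk.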
@@ -98,8 +98,8 @@ Configuration file format:
 rootCmd.Flags().BoolVarP(&debug, "debug", "d", false, "Enable debug logging")
 rootCmd.Flags().BoolVarP(&monitor, "monitor", "m", false, "Monitor and log sandbox violations")
 rootCmd.Flags().StringVarP(&settingsPath, "settings", "s", "", "Path to settings file (default: OS config directory)")
- rootCmd.Flags().StringVar(&proxyURL, "proxy", "", "External SOCKS5 proxy URL (e.g., socks5://localhost:1080)")
- rootCmd.Flags().StringVar(&dnsAddr, "dns", "", "DNS server address on host (default: localhost:5353 when proxy is set)")
+ rootCmd.Flags().StringVar(&proxyURL, "proxy", "", "External SOCKS5 proxy URL (default: socks5://localhost:42052)")
+ rootCmd.Flags().StringVar(&dnsAddr, "dns", "", "DNS server address on host (default: localhost:42053)")
 rootCmd.Flags().StringVarP(&cmdString, "c", "c", "", "Run command string directly (like sh -c)")
 rootCmd.Flags().StringArrayVarP(&exposePorts, "port", "p", nil, "Expose port for inbound connections (can be used multiple times)")
 rootCmd.Flags().BoolVarP(&showVersion, "version", "v", false, "Show version information")
@@ -229,14 +229,18 @@ func runCommand(cmd *cobra.Command, args []string) error {
 cfg.Network.DnsAddr = dnsAddr
 }
- // Default DNS to localhost:5353 when proxy is configured but no DNS address
- // is specified. GreyHaven typically runs a DNS server on this port, and using
- // a dedicated DNS bridge ensures DNS queries go through controlled infrastructure
- // rather than leaking to public resolvers.
- if cfg.Network.ProxyURL != "" && cfg.Network.DnsAddr == "" {
- cfg.Network.DnsAddr = "localhost:5353"
+ // GreyHaven defaults: when no proxy or DNS is configured (neither via CLI
+ // nor config file), use the standard GreyHaven infrastructure ports.
+ if cfg.Network.ProxyURL == "" {
+ cfg.Network.ProxyURL = "socks5://localhost:42052"
 if debug {
- fmt.Fprintf(os.Stderr, "[greywall] Defaulting DNS to localhost:5353 (proxy configured, no --dns specified)\n")
+ fmt.Fprintf(os.Stderr, "[greywall] Defaulting proxy to socks5://localhost:42052\n")
+ }
+ }
+ if cfg.Network.DnsAddr == "" {
+ cfg.Network.DnsAddr = "localhost:42053"
+ if debug {
+ fmt.Fprintf(os.Stderr, "[greywall] Defaulting DNS to localhost:42053\n")
 }
 }
diff --git a/internal/sandbox/manager.go b/internal/sandbox/manager.go
index dcd08c6..3ef9d76 100644
--- a/internal/sandbox/manager.go
+++ b/internal/sandbox/manager.go
@@ -120,7 +120,11 @@ func (m *Manager) Initialize() error {
 m.initialized = true
 if m.config.Network.ProxyURL != "" {
- m.logDebug("Sandbox manager initialized (proxy: %s)", m.config.Network.ProxyURL)
+ dnsInfo := "none"
+ if m.config.Network.DnsAddr != "" {
+ dnsInfo = m.config.Network.DnsAddr
+ }
+ m.logDebug("Sandbox manager initialized (proxy: %s, dns: %s)", m.config.Network.ProxyURL, dnsInfo)
 } else {
 m.logDebug("Sandbox manager initialized (no proxy, network blocked)")
 }
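Review bot: In the `@@ -229,14 +229,18 @@` hunk of cmd/greywall/main.go, `cfg.Network.ProxyURL` can no longer be empty once this block has run, so the earlier default of blocking all network access is replaced by routing to whatever is listening on localhost:42052, and no flag or config value visible in this patch still selects the blocked mode. The default is applied silently unless `debug` is set, and nothing here confirms that the GreyHaven proxy and DNS bridge are the processes actually bound to those two unprivileged ports. I would keep an explicit opt-out (for example a new `--no-proxy` flag, which would have to be added), print the "Defaulting proxy" and "Defaulting DNS" notices unconditionally, and hoist the literals into constants such as `const defaultProxyURL = "socks5://localhost:42052"` so the help text, the flag descriptions and this block cannot drift apart. runCommand starts and ends outside the hunk.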
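Review bot: In the internal/sandbox/manager.go hunk, the new `m.logDebug` call prints `m.config.Network.ProxyURL` verbatim, so a proxy URL that carries SOCKS5 credentials in its userinfo part (constructed example: `socks5://user:pass@host`) would land in debug output. Parsing the value with `url.Parse` and logging `u.Redacted()` from `net/url` keeps the password out of logs; whether this field accepts credentials is not visible here, so treat it as something to confirm. Separately, if the greywall CLI is the only caller, the `else` branch that logs "no proxy, network blocked" may no longer be reachable now that main.go always fills in a proxy URL. Initialize starts and ends outside the hunk.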