feat: native allowedDomains/deniedDomains network filtering #1

Closed
jose wants to merge 4 commits from feat/domain-filtering-proxy into main

4 Commits

Author SHA1 Message Date
Jose B
1300cbacc9 fix: skip network namespace when domain filtering proxy is active
Some checks failed
Build and test / Build (pull_request) Successful in 13s
Build and test / Lint (pull_request) Failing after 35s
Build and test / Test (Linux) (pull_request) Successful in 1m17s
Change --unshare-net skip logic to trigger whenever filterProxy is set,
not just for wildcard allow configs. The filtering proxy always listens
on host 127.0.0.1 and requires sandboxed processes to reach the host
network via env-var-based proxying. Also upgrade golangci-lint-action to v7.
2026-02-17 16:11:41 -05:00
Jose B
ca80be7537 fix: correct typo in smoke test and use binary install mode for golangci-lint
Some checks failed
Build and test / Build (pull_request) Successful in 10s
Build and test / Lint (pull_request) Failing after 9s
Build and test / Test (Linux) (pull_request) Failing after 1m6s
2026-02-17 13:33:34 -05:00
Jose B
98db35a695 fix: upgrade golangci-lint to v2.1.6 and download tun2socks in CI
Some checks failed
Build and test / Lint (pull_request) Failing after 14s
Build and test / Test (Linux) (pull_request) Failing after 1m9s
Build and test / Build (pull_request) Successful in 11s
2026-02-17 12:27:09 -05:00
Jose B
6be1cf5620 feat: add domain-based outbound filtering with allowedDomains/deniedDomains
Some checks failed
Build and test / Lint (pull_request) Failing after 1m3s
Build and test / Test (Linux) (pull_request) Failing after 39s
Build and test / Build (pull_request) Successful in 19s
Add NetworkConfig.AllowedDomains and DeniedDomains fields for controlling
outbound connections by hostname. Deny rules are checked first (deny wins).
When AllowedDomains is set, only matching domains are permitted. When only
DeniedDomains is set, all domains except denied ones are allowed.

Implement FilteringProxy that wraps gost HTTP proxy with domain enforcement
via AllowConnect callback. Skip GreyHaven proxy/DNS defaults
2026-02-17 11:52:43 -05:00
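
The deny-first evaluation described in the 6be1cf5620 commit message, written out as an added Go example; it is not the PR's FilteringProxy code. The names `Policy`, `normalize`, `matchAny` and `Allowed` are hypothetical, and the `*.suffix` wildcard syntax and the host normalization are assumptions, since the page does not show how patterns are matched.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Policy holds the two lists named in the commit message (hypothetical type).
type Policy struct{ AllowedDomains, DeniedDomains []string }

// normalize strips the port and trailing root dot and lowercases, so
// "Example.COM.:443" cannot slip past a rule written as "example.com".
func normalize(hostport string) string {
	host := hostport
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		host = h
	}
	return strings.ToLower(strings.TrimSuffix(host, "."))
}

// matchAny uses an assumed pattern syntax: an exact name, or "*.suffix"
// for subdomains only (the apex itself does not match).
func matchAny(patterns []string, host string) bool {
	for _, p := range patterns {
		p = strings.ToLower(p)
		if strings.HasPrefix(p, "*.") {
			suffix := p[1:] // keep the leading dot so "evilexample.com" fails
			if len(host) > len(suffix) && strings.HasSuffix(host, suffix) {
				return true
			}
		} else if host == p {
			return true
		}
	}
	return false
}

// Allowed applies deny rules first, then the allow list if one is set.
func (p Policy) Allowed(hostport string) bool {
	host := normalize(hostport)
	if host == "" || matchAny(p.DeniedDomains, host) {
		return false // deny wins, even when an allow rule also matches
	}
	if len(p.AllowedDomains) > 0 {
		return matchAny(p.AllowedDomains, host)
	}
	return true // no allow list: everything not denied is allowed
}

func main() {
	p := Policy{[]string{"*.example.com"}, []string{"internal.example.com"}} // constructed
	fmt.Println(p.Allowed("api.example.com:443"), p.Allowed("Internal.Example.com.:443"))
}
```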