Skip to content
Snippets Groups Projects
Commit 91110a88 authored by Shubham Sharma's avatar Shubham Sharma
Browse files

Initial documentation for urlfiltering with uci schema file.

parent 82ee89ff
No related branches found
No related tags found
1 merge request!3Initial documentation for urlfiltering with uci schema file.
......@@ -4,7 +4,7 @@
## Introduction
urlfilter blocks list of urls for the list of mac addresses passed to it. *urlfilter* uses the libnetfilter-queue
urlfilter blocks list of urls for the list of mac addresses passed to it. *urlfilter* uses the libnetfilter-queue along with libnetlink.
APIs to achieve the requirement.
## Project Components
......@@ -22,17 +22,52 @@ Project consists of following components:
## Pre-requisites
Before running the application you need to add a rule in the iptables to forward the http, https and dns packets to NFQUEUE.
Before running the application you need to add a rule in the iptables to forward the http and https packets to NFQUEUE.
NFQUEUE is an iptables and ip6tables target which delegate the decision on packets to a userspace software.
- iptables -I FORWARD 1 -p tcp --dport 80 -j NFQUEUE --queue-num 0
- iptables -I FORWARD 2 -p tcp --dport 443 -j NFQUEUE --queue-num 0
- iptables -I FORWARD 3 -p udp --dport 53 -j NFQUEUE --queue-num 0
In userspace, urlfilter daemon uses libnetfilter-queue to connect to queue 0 (the default one) and get the messages from kernel.
It then issues a verdict on the packet after checking the mac address and url.
## Sample UCI configuration
URL filtering daemon requires a configuration file. The configuration file is an uci file `/etc/config/urlfilter`. Sample configuration file is provided below.
````bash
config globals 'globals'
option enable '1'
option global_blacklist '1'
list gbl_url 'abc.com'
list gbl_url 'def.com'
list gbl_url 'facebook.com'
list gbl_url 'instagram.com'
config profile 'homeoffice'
list whitelist_url 'facebook.com'
list whitelist_url 'instagram.com'
config profile 'kids'
list blacklist_url 'youtube.com'
list blacklist_url 'game.com'
config filter 'f1'
option enable '1'
option profile 'kids'
list macaddr '00:11:22:33:44:55'
list macaddr 'AA:BB:CC:33:44:55'
list day 'Monday'
list day 'Tuesday'
list day 'Wednesday'
list day 'Thursday'
list day 'Friday'
option start_time '20:00'
option duration '64800'
config filter 'f2'
option enable '1'
option profile 'homeoffice'
list macaddr 'CC:DD:EE:33:44:55'
list macaddr 'EE:AA:BB:11:22:33'
````
<tbody><tr><td colspan="2"><div style="font-weight: bold">urlfilter</div><table style="width:100%"><tbody><tr><td><div style="font-weight: bold; font-size: 14px">section</div></td><td><div style="font-weight: bold; font-size: 14px">description</div></td><td><div style="font-weight: bold; font-size: 14px">multi</div></td><td><div style="font-weight: bold; font-size: 14px">options</div></td></tr><tr><td class="td_row_even"><div class="td_row_even">globals</div></td><td class="td_row_even"><div class="td_row_even">global configuration for url filtering.</div></td><td class="td_row_even"><div class="td_row_even">false</div></td><td class="td_row_even"><table style="width:100%"><tbody><tr><td><div style="font-weight: bold; font-size: 14px">name</div></td><td><div style="font-weight: bold; font-size: 14px">type</div></td><td><div style="font-weight: bold; font-size: 14px">required</div></td><td><div style="font-weight: bold; font-size: 14px">default</div></td><td><div style="font-weight: bold; font-size: 14px">description</div></td></tr><tr><td class="td_row_even"><div class="td_row_even">enable</div></td><td class="td_row_even"><div class="td_row_even">boolean</div></td><td class="td_row_even"><div class="td_row_even">yes</div></td><td class="td_row_even"><div class="td_row_even">false</div></td><td class="td_row_even"><div class="td_row_even">Enables or disables filtering globally.</div></td></tr><tr><td class="td_row_odd"><div class="td_row_odd">global_blacklist</div></td><td class="td_row_odd"><div class="td_row_odd">boolean</div></td><td class="td_row_odd"><div class="td_row_odd">no</div></td><td class="td_row_odd"><div class="td_row_odd">false</div></td><td class="td_row_odd"><div class="td_row_odd">Enables or disables global blacklist.</div></td></tr><tr><td class="td_row_even"><div class="td_row_even">gbl_url</div></td><td class="td_row_even"><div class="td_row_even">list</div></td><td class="td_row_even"><div class="td_row_even">no</div></td><td class="td_row_even"><div class="td_row_even">null</div></td><td class="td_row_even"><div class="td_row_even">Globally blacklisted urls i.e., facebook.com.</div></td></tr></tbody></table></td></tr><tr><td class="td_row_odd"><div class="td_row_odd">profile</div></td><td class="td_row_odd"><div class="td_row_odd">Whitelist or blacklist urls for configured profile.</div></td><td class="td_row_odd"><div class="td_row_odd">true</div></td><td class="td_row_odd"><table style="width:100%"><tbody><tr><td><div style="font-weight: bold; font-size: 14px">name</div></td><td><div style="font-weight: bold; font-size: 14px">type</div></td><td><div style="font-weight: bold; font-size: 14px">required</div></td><td><div style="font-weight: bold; font-size: 14px">default</div></td><td><div style="font-weight: bold; font-size: 14px">description</div></td></tr><tr><td class="td_row_even"><div class="td_row_even">whitelist_url</div></td><td class="td_row_even"><div class="td_row_even">list</div></td><td class="td_row_even"><div class="td_row_even">no</div></td><td class="td_row_even"><div class="td_row_even">null</div></td><td class="td_row_even"><div class="td_row_even">Whitelist urls for configured profile.</div></td></tr><tr><td class="td_row_odd"><div class="td_row_odd">blacklist_url</div></td><td class="td_row_odd"><div class="td_row_odd">list</div></td><td class="td_row_odd"><div class="td_row_odd">no</div></td><td class="td_row_odd"><div class="td_row_odd">null</div></td><td class="td_row_odd"><div class="td_row_odd">Blacklist urls for configured profile.</div></td></tr></tbody></table></td></tr><tr><td class="td_row_even"><div class="td_row_even">filter</div></td><td class="td_row_even"><div class="td_row_even">Filter urls based on mac and for specific days and time.</div></td><td class="td_row_even"><div class="td_row_even">true</div></td><td class="td_row_even"><table style="width:100%"><tbody><tr><td><div style="font-weight: bold; font-size: 14px">name</div></td><td><div style="font-weight: bold; font-size: 14px">type</div></td><td><div style="font-weight: bold; font-size: 14px">required</div></td><td><div style="font-weight: bold; font-size: 14px">default</div></td><td><div style="font-weight: bold; font-size: 14px">description</div></td></tr><tr><td class="td_row_even"><div class="td_row_even">enable</div></td><td class="td_row_even"><div class="td_row_even">boolean</div></td><td class="td_row_even"><div class="td_row_even">yes</div></td><td class="td_row_even"><div class="td_row_even">false</div></td><td class="td_row_even"><div class="td_row_even">Enables or disables specified filter.</div></td></tr><tr><td class="td_row_odd"><div class="td_row_odd">profile</div></td><td class="td_row_odd"><div class="td_row_odd">string</div></td><td class="td_row_odd"><div class="td_row_odd">yes</div></td><td class="td_row_odd"><div class="td_row_odd">null</div></td><td class="td_row_odd"><div class="td_row_odd">Specify profile on which to apply filter.</div></td></tr><tr><td class="td_row_even"><div class="td_row_even">macaddr</div></td><td class="td_row_even"><div class="td_row_even">list</div></td><td class="td_row_even"><div class="td_row_even">yes</div></td><td class="td_row_even"><div class="td_row_even">null</div></td><td class="td_row_even"><div class="td_row_even">Physical address to apply filter on.</div></td></tr><tr><td class="td_row_odd"><div class="td_row_odd">day</div></td><td class="td_row_odd"><div class="td_row_odd">list</div></td><td class="td_row_odd"><div class="td_row_odd">no</div></td><td class="td_row_odd"><div class="td_row_odd">null</div></td><td class="td_row_odd"><div class="td_row_odd">Specific day for filter.</div></td></tr><tr><td class="td_row_even"><div class="td_row_even">start_time</div></td><td class="td_row_even"><div class="td_row_even">string</div></td><td class="td_row_even"><div class="td_row_even">no</div></td><td class="td_row_even"><div class="td_row_even">null</div></td><td class="td_row_even"><div class="td_row_even">Specific time for filtering.</div></td></tr><tr><td class="td_row_odd"><div class="td_row_odd">duration</div></td><td class="td_row_odd"><div class="td_row_odd">string</div></td><td class="td_row_odd"><div class="td_row_odd">no</div></td><td class="td_row_odd"><div class="td_row_odd">null</div></td><td class="td_row_odd"><div class="td_row_odd">Duration of filtering.</div></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody>
{
"urlfilter":
[
{
"section": "globals",
"description": "global configuration for url filtering.",
"multi": false,
"options":
[
{
"name": "enable",
"type": "boolean",
"required": "yes",
"default": "false",
"description": "Enables or disables filtering globally."
},
{
"name": "global_blacklist",
"type": "boolean",
"required": "no",
"default": null,
"description": "Enables or disables global blacklist."
},
{
"name": "gbl_url",
"type": "list",
"required": "no",
"default": null,
"description": "Globally blacklisted urls i.e., facebook.com."
}
]
},
{
"section": "profile",
"description": "Whitelist or blacklist urls for configured profile.",
"multi": true,
"options":
[
{
"name": "whitelist_url",
"type": "list",
"required": "no",
"default": null,
"description": "Whitelist urls for configured profile."
},
{
"name": "blacklist_url",
"type": "list",
"required": "no",
"default": null,
"description": "Blacklist urls for configured profile."
}
]
},
{
"section": "filter",
"description": "Filter urls based on mac and for specific days and time.",
"multi": true,
"options":
[
{
"name": "enable",
"type": "boolean",
"required": "yes",
"default": "false",
"description": "Enables or disables specified filter."
},
{
"name": "profile",
"type": "string",
"required": "yes",
"default": null,
"description": "Specify profile on which to apply filter."
},
{
"name": "macaddr",
"type": "list",
"required": "yes",
"default": null,
"description": "Physical address to apply filter on."
},
{
"name": "day",
"type": "list",
"required": "no",
"default": null,
"description": "Specific day for filter."
},
{
"name": "start_time",
"type": "string",
"required": "no",
"default": null,
"description": "Specific time for filtering."
},
{
"name": "duration",
"type": "string",
"required": "no",
"default": null,
"description": "Duration of filtering."
}
]
}
]
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment