From 6b1744e64517983989cdcf7cfa7b5c4164ed3d52 Mon Sep 17 00:00:00 2001 From: Nick Peng Date: Tue, 7 Nov 2023 22:57:15 +0800 Subject: [PATCH] update ip rule pages --- docs/config/ip-rule.md | 39 +++++++++++++++++++++++++++++++++++++++ en/docs/config/ip-rule.md | 38 ++++++++++++++++++++++++++++++++++++++ en/docs/config/ip-set.md | 2 +- 3 files changed, 78 insertions(+), 1 deletion(-) diff --git a/docs/config/ip-rule.md b/docs/config/ip-rule.md index 69be2c47c5..30e74f4356 100644 --- a/docs/config/ip-rule.md +++ b/docs/config/ip-rule.md @@ -19,32 +19,71 @@ smartdns提供了IP地址黑白名单和忽略相关的结果。 如果想对某个上游限制其返回的IP地址在白名单范围,非白名单的地址全部丢弃,则可以设置如下: +方法1: + ```shell server -whitelist-ip whitelist-ip 192.168.1.1/24 ``` +方法2: + +```shell +server -whitelist-ip +ip-rules 192.168.1.1/24 -whitelist-ip +``` + ## 黑名单IP地址 如下想对某个上游限制其返回的IP地址,将指定范围的IP丢弃,则可设置黑名单如下: +方法1: + ```shell server -blacklist-ip blacklist-ip 192.168.1.1/24 ``` +方法2: + +```shell +server -whitelist-ip +ip-rules 192.168.1.1/24 -whitelist-ip +``` + ## 忽略IP地址 如果希望使用上游返回的某个IP地址,可以配置忽略此IP。 +方法1: + ```shell ignore-ip 1.2.3.4 ``` +方法2: + +```shell +server -whitelist-ip +ip-rules 192.168.1.1/24 -whitelist-ip +``` + ## 假冒IP地址 如果网站不存在时,被ISP固定返回某个网段的IP地址的404页面,则可以使用此参数;比如电信的自定义404页面。则可以通过如下配置,让客户端接受到SOA,而不是被重定向的ISP的404页面。 +方法1: + ```shell bogus-nxdomain 1.2.3.4 ``` + +方法2: + +```shell +ip-rules 1.2.3.4 -bogus-nxdomain +``` + +## IP集合 + +如果有多个IP地址配置规则,可以使用[IP集合](../config/ip-set.md),进行快速配置。 \ No newline at end of file diff --git a/en/docs/config/ip-rule.md b/en/docs/config/ip-rule.md index c1a915bf3f..227b6a9dfc 100644 --- a/en/docs/config/ip-rule.md +++ b/en/docs/config/ip-rule.md @@ -19,32 +19,70 @@ smartdns provides IP address whitelist, blacklist and ignore rules for filtering If you want to restrict the IP addresses returned by an upstream server within a whitelist range, and disregard non-whitelisted addresses, you can set the following: +Method 1: + ```shell server -whitelist-ip whitelist-ip 192.168.1.1/24 ``` +Method 2: + +```shell +server -whitelist-ip +ip-rules 192.168.1.1/24 -whitelist-ip +``` + ## Blacklist IP addresses To restrict the return of IP addresses from a certain upstream and discard IP within a specified range, a blacklist can be set up as follows: +Method 1: + ```shell server -blacklist-ip blacklist-ip 192.168.1.1/24 ``` +Method 2: + +```shell +server -blacklist-ip +ip-rules 192.168.1.1/24 -blacklist-ip +``` + ## Ignore IP addresses If you want to use a specific IP address returned by an upstream server, you can configure it to be ignored. +Method 1: + ```shell ignore-ip 1.2.3.4 ``` +Method 2: + +```shell +ip-rules 1.2.3.4 -ignore-ip +``` + ## Spoof IP addresses If the ISP returns a 404 page containing a specific IP address range when the website does not exist, such as China Telecom's custom 404 page, you can use this parameter to return an SOA to the client instead of the ISP's redirect 404 page. +Method 1: + ```shell bogus-nxdomain 1.2.3.4 ``` + +Method 2: + +```shell +ip-rules 1.2.3.4 -bogus-nxdomain +``` + +## IP Set + +If there are multiple IP address configuration rules, you can use [IP Set](../config/ip-set.md) for quick configuration. \ No newline at end of file diff --git a/en/docs/config/ip-set.md b/en/docs/config/ip-set.md index f557583475..539ecea272 100644 --- a/en/docs/config/ip-set.md +++ b/en/docs/config/ip-set.md @@ -3,7 +3,7 @@ hide: - toc --- -# Using IP Address Sets +# Using IP Address Set To facilitate the configuration of IP addresses according to sets, for configurations that use `ip/subnet`, IP address sets can be specified for easy maintenance. The specific method is as follows: