private void BlockDns(uint weight)
{
_ipLayer.ApplyToIpv4(layer =>
{
_sublayer.CreateRemoteTcpPortFilter(new DisplayData(
"ProtonVPN block DNS", "Blocks TCP 53 port"),
Action.HardBlock,
layer,
weight,
53);
});
_ipLayer.ApplyToIpv4(layer =>
{
_sublayer.CreateRemoteUdpPortFilter(new DisplayData(
"ProtonVPN block DNS",
"Blocks UDP 53 port"),
Action.HardBlock,
layer,
weight,
53);
});
}
private void PermitTunnelDns(string id, uint weight)
{
_ipLayer.ApplyToIpv4(layer =>
{
_sublayer.CreateNetInterfaceDnsFilter(
new DisplayData("ProtonVPN permit VPN tunnel", "Permit TAP adapter traffic"),
Action.HardPermit,
layer,
weight,
id);
});
}
private void BlockOutsideDns(uint weight, uint tapInterfaceIndex)
{
var callout = _sublayer.CreateCallout(
new DisplayData
{
Name = "ProtonVPN block dns callout",
Description = "Sends server failure packet response for non TAP DNS queries.",
},
_networkLayerCalloutGuid,
Layer.OutboundIPPacketV4);
_sublayer.BlockOutsideDns(new DisplayData("ProtonVPN block DNS", "Block outside dns"),
Layer.OutboundIPPacketV4,
weight,
callout,
tapInterfaceIndex);
_ipLayer.ApplyToIpv4(layer =>
{
_sublayer.CreateRemoteUdpPortFilter(new DisplayData(
"ProtonVPN DNS filter", "Permit UDP 53 port so we can block it at network layer"),
Action.HardPermit,
layer,
weight,
53);
});
_ipLayer.ApplyToIpv4(layer =>
{
_sublayer.CreateRemoteTcpPortFilter(new DisplayData(
"ProtonVPN block DNS", "Block TCP 53 port"),
Action.HardBlock,
layer,
weight,
53);
});
_ipLayer.ApplyToIpv6(layer =>
{
_sublayer.CreateRemoteTcpPortFilter(new DisplayData(
"ProtonVPN block DNS", "Block TCP 53 port"),
Action.HardBlock,
layer,
weight,
53);
});
_ipLayer.ApplyToIpv6(layer =>
{
_sublayer.CreateRemoteUdpPortFilter(new DisplayData(
"ProtonVPN block DNS",
"Block UDP 53 port"),
Action.HardBlock,
layer,
weight,
53);
});
}