====== Preparing dictionaries that list resources to block ====== {{indexmenu_n>4}} Preparing a dictionary with a list of resources to block takes two steps. Firstly, one creates a text file with a list of resources. Secondly, one converts this file into an internal format by means of a special utility. The conversion is carried out with two utilities: * ''url2dic'' - for URL, SNI CN * ''ip2bin'' - for IP Blacklist Checker Utility - ''[[en:dpi:dpi_components:utilities:management_utilities|checklock]]''. ===== File format with a list of URLs to block (HTTP domains): ===== Each line contains one URL (without http:// prefix). For example: httpforever.com/index *forever.com/index (included 123forever.com/index, www.forever.com/index, biglikeforever.com/index etc) 3dmx.net *.3dmx.net (included wwww.3dmx.net, map.3dmx.net etc) To convert into the internal format cat my_url_list.txt|url2dic my_url_list.dic To convert into the internal format with automatic conversion of domains and URL-letters written in the national alphabet in utf-8 encoding: cat my_url_list.txt|url2norm|url2dic my_url_list.dic ===== File format with a list of names to block in SSL certificates (QUIC/HTTPS domains): ===== Each line contains one [[en:dpi:dpi_options:opt_filtration:making_dictionary:cn_info|name]]. For example: www.vasexperts.com *.facebook.com (included wwww.facebook.com, m.facebook.com etc) *google.com (included wwww.google.com, 123google.com etc) To convert into the internal format: cat my_cn_list.txt|url2dic my_cn_list.dic ===== File format with a list of public SNI (QUIC/HTTPS domains) ===== Each line contains one SNI (without https:// prefix), it is allowed to use *, for example: x.com *.youtube.com (included wwww.youtube.com, m.youtube.com etc) *google.com (included wwww.google.com, 123google.com etc) To convert into internal format cat my_sni_list.txt|url2dic my_sni_list.bin ===== File format with the list of blocked IP addresses, CIDR: ===== As of version 12.4, list-based list creation is supported: * IPv4 port_number * IPv4 * IPv6 port_number * IPv6 * CIDR IPv4/IPv6 Each line of the file contains only one entry, example for IPv4: 78.47.115.34 443 95.211.6.93 95.211.4.0/24 SSG allows the client to establish TCP connection and waits for data transfer. According to the data SSG determines the protocol and in case of HTTP/HTTPS/QUIC it waits for the transmission of URL/SNI/CN, for other protocols it blocks data transmission at once. This behavior is due to the fact that one IP address may have many domains and the priority check by URL/SNI/CN. \\ Since version 13, support for hard blocking (despite URL/SNI/CN name) has been added - set by adding the code word ''hard'' to the IP list, example for IPv4: 78.47.115.34 443 hard 95.211.6.93 hard 95.211.4.0/24 hard To convert into the internal format: cat my_ip_list.txt|ip2bin my_ip_list.bin **SSG 12.4+** Added the ability to use CIDRs, addresses, and ports for IPv4 and IPv6 blacklists and whitelists.\\ If CIDR or address is set, all TCP ports are blocked (UDP with the setting ''[[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd#configuring_tcp_and_udp_protocol_blocking|udp_block=3]]'')