https://github.com/sir-go/tls-reject
sniff and reject TLS connections to denied hosts
dpi network packet-sniffer python sni tcp-ip tls traffic-analysis
- Host: GitHub
- URL: https://github.com/sir-go/tls-reject
- Owner: sir-go
- License: mit
- Created: 2022-10-04T10:16:03.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2022-11-03T20:28:41.000Z (almost 3 years ago)
- Last Synced: 2025-10-10T19:37:38.459Z (7 days ago)
- Topics: dpi, network, packet-sniffer, python, sni, tcp-ip, tls, traffic-analysis
- Language: Python
- Homepage:
- Size: 18.6 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
## Traffic reject by TLS SNI
This is part of a parental control system.
The script sniffs mirrored user traffic, extracts the value of the TLS SNI extension from each packet,
and sends reset packets to the source IP if the SNI contains a denied hostname. Denied hostnames are kept in a periodically updated MySQL database.
### Configure
Environment variables:
| variable | description |
|--------------------|------------------------------------|
| BLOCK_DB_HOST | mysql host |
| BLOCK_DB_USERNAME | db username |
| BLOCK_DB_PASSWORD | db password |
| BLOCK_DB_NAME | db name |
| BLOCK_UPD_INTERVAL | db list update interval (sec)      |
| BLOCK_IN_IF | input interface name |
| BLOCK_OUT_IF       | output interface name              |

### Install -> Test -> Run
```bash
virtualenv venv
source ./venv/bin/activate
pip install -r requirements.txt
python -m pytest && python reject.py
```