debian13/opt/blocky/blocky.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

upstreams:
  init:
    strategy: blocking
  groups:
    default:
      - tcp-tls:dns.quad9.net
      - tcp-tls:dns.mullvad.net

ports:
  dns: 53
  http: 4000
  tls: 853

customDNS:
  filterUnmappedTypes: false

blocking:
  denylists:
    ads:
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      - http://sysctl.org/cameleon/hosts
      - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
    nsfw:
      - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/nsfw-onlydomains.txt
  clientGroupsBlock:
    default:
      - ads
      - nsfw
  blockType: zeroIp
  loading:
    refreshPeriod: 24h
    strategy: blocking

minTlsServeVersion: 1.3

bootstrapDns:
  - upstream: tcp-tls:dns.quad9.net
    ips:
      - 9.9.9.9
  - upstream: tcp-tls:dns.mullvad.net
    ips:
      - 194.242.2.2

certFile: /opt/blocky/certs/fullchain.pem
keyFile: /opt/blocky/certs/privkey.pem

log:
  level: warn
  privacy: true