# Proxy listener, outgoing connection settings and access policy.
proxy {
  # TCP listen address
  # NOTE(review): no host part is given, which presumably binds every
  # interface; confirm the port is reachable only from intended client networks.
  listen = ":3128"

  # TCP bind address for outgoing connections
  #bind = "10.42.42.215"

  # Interface for outgoing connections
  #interface = "en1"

  # Upstream proxies
  upstream = []

  # Policy rules. The names in source/domain refer to the network and
  # domain sets declared in the match block of this file.
  # NOTE(review): evaluation order and the default verdict when no rule
  # matches are not visible in this file; confirm.
  policy {
    # Deny interception for the "sensitive" set (banking, government,
    # messaging), so those connections are presumably passed through
    # without TLS inspection; verify against the proxy's semantics.
    on intercept {
      domain = ["sensitive"]
      permit = false
    }

    # Deny requests from the "kids" network to the "nsfw" set.
    on request {
      source = ["kids"]
      domain = ["nsfw"]
      permit = false
    }

    # NOTE(review): exact duplicate of the rule above; it looks redundant,
    # confirm before removing.
    on request {
      source = ["kids"]
      domain = ["nsfw"]
      permit = false
    }

    # Time-boxed rule: deny "social" for "kids" on the listed days within
    # the time window.
    # NOTE(review): the window 22:00-06:00 crosses midnight; confirm whether
    # the day is taken from the window start or from the current time
    # (for example, whether 02:00 on Friday is covered).
    on days {
      days = "mon-thu,sun"
      on time {
        time = ["22:00", "06:00"]
        on request {
          source = ["kids"]
          domain = ["social"]
          permit = false
        }
      }
    }
  }
}

# Resolver settings. Everything except noipv6 is commented out, so the
# program's built-in defaults presumably apply.
dns {
  # Set the cache size
  #size = 1024

  # Set the time to live for positive responses (in seconds)
  #ttl = 300

  # Set the resolve timeout (in seconds)
  #timeout = 10

  # Set the DNS servers
  #servers = ["1.1.1.1", "8.8.8.8"]

  # Disable IPv6
  noipv6 = true
}

# TLS interception: signing CA, leaf key parameters and certificate cache.
mitm {
  # Signing CA. Whoever can read the key file can issue certificates that
  # every client trusting this CA accepts, so restrict its file permissions
  # and keep it out of version control and backups that others can read.
  # NOTE(review): the testdata/ paths look like test fixtures; confirm a
  # deployment does not reuse this key pair.
  ca {
    cert         = "testdata/ca.crt"
    key          = "testdata/ca.key"
    key_type     = "ecc"
    days         = 1825
    organization = "maze.io"
  }

  # Key parameters, presumably for the generated per-host certificates.
  key {
    type = "rsa"
    bits = 2048
  }

  # Cache for generated certificates, kept on disk under path.
  # NOTE(review): if private keys are stored here too, the directory needs
  # the same protection as the CA key; the unit of expire is not shown.
  cache {
    #type = "memory"
    type   = "disk"
    path   = "testdata/mitm"
    expire = 10
  }
}

# In-memory cache.
# NOTE(review): 10485760 is 10 MiB if size is in bytes; the unit is not
# stated here.
cache {
  type = "memory"
  size = 10485760
}

# Named network and domain sets referenced by the policy rules.
match {
  path = "testdata/match"

  # NOTE(review): no policy rule in this file references "internal". The
  # list holds loopback and link-local ranges only; RFC 1918 ranges, ::1 and
  # fc00::/7 are absent. If this set is meant to keep clients from reaching
  # internal destinations through the proxy, confirm coverage and add a rule.
  network "internal" {
    type = "list"
    list = [
      "0.0.0.0/32",
      "127.0.0.0/8",
      "169.254.0.0/16",
      "fe80::/10",
    ]
  }

  network "kids" {
    type = "list"
    list = ["10.42.66.0/24"]
  }

  # Domains excluded from interception by the "on intercept" rule.
  # NOTE(review): whether an entry also matches its subdomains is not
  # visible here; confirm, since login hosts are often subdomains.
  domain "sensitive" {
    type = "list"
    list = [
      # Banking
      "abnamro.nl",
      "knab.nl",
      "rabobank.nl",
      # Government
      "belastingdienst.nl",
      "digid.nl",
      # Messaging
      "signal.org",
      "telegram.org",
      "whatsapp.net",
      "whatsapp.com",
    ]
  }

  domain "social" {
    type = "list"
    list = [
      "pinterest.com",
      "reddit.com",
      "x.com",
      # YouTube
      "googlevideo.com",
      "youtube.com",
      "youtu.be",
      "ytimg.com",
    ]
  }

  # Remote list: its content decides what the policy blocks, so the
  # publisher of the URL effectively controls that rule. This file shows no
  # checksum, pinning or size limit for the download.
  # NOTE(review): behaviour when the fetch fails (keep the old list, empty
  # list, refuse to start) is not visible; confirm.
  domain "nsfw" {
    type    = "domains"
    from    = "https://energized.pro/nsfw/domains.txt"
    refresh = 43200 # 12h
  }

  # NOTE(review): no policy rule in this file references "ads".
  # NOTE(review): refresh is 12 here while "nsfw" uses 43200 with the
  # comment 12h; if the unit is seconds this refetches every 12 seconds.
  # Confirm the intended value.
  domain "ads" {
    type    = "detect"
    from    = "https://small.oisd.nl/dnsmasq"
    refresh = 12
  }
}