add client-ip mac address description

pymumu · Jan 11, 2024 · 74b8031 · 74b8031
1 parent 8b6abdc
commit 74b8031
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 9 deletions.
diff --git a/docs/config/client-rule.md b/docs/config/client-rule.md
@@ -5,7 +5,7 @@ hide:
 
 # 客户端规则
 
-smartdns支持根据客户端IP地址，对客户端设置不同的规则，可以实现：
+smartdns支持根据客户端IP，MAC地址，对客户端设置不同的规则，可以实现：
 
  * 家长控制：限制特定客户端可访问的网站。
  * 访问控制：禁止未经允许的客户端查询。
@@ -20,6 +20,8 @@ smartdns支持根据客户端IP地址，对客户端设置不同的规则，可
  group-begin child
  # 设置规则组对应的客户端IP
  client-rules 192.168.1.13
+ # 设置规则对应的客户端MAC地址
+ client-rules 01:02:03:04:05:06
  # 设置规则组使用的上游服务器
  server 1.2.3.4 -e
  # 禁止特定域名

diff --git a/docs/config/rule-group.md b/docs/config/rule-group.md
@@ -17,15 +17,18 @@ smartdns支持规则组，不同的规则组之间隔离，方便按照域名或
 | conf-file -group | 以指定规则组包含文件，等价group-begin, group-end 
 
 
-通过group-match可以指定匹配规则，有客户端IP：`-client-ip cidr`，域名：`-domain`。
+通过group-match可以指定匹配规则，有客户端IP：`-client-ip cidr|ip-set|mac`，域名：`-domain`。
 
 ## 按域名或客户端IP匹配规则组
 
  ```
  # 规则开始，指定名称为rule。
  group-begin rule
- # 设置匹配规则，如下为匹配IP或者域名。
+ # 设置匹配规则，如下为匹配IP、MAC或者域名。
  group-match -client-ip 192.168.1.1/24 -domain a.com
+ group-match -client-ip 01:02:03:04:05:06
+ group-match -client-ip ip-set:clien-ip 
+ group-match -domain domain-set:domain-list
  # 设置相关的规则
  address #
  # 规则结束

diff --git a/docs/configuration.md b/docs/configuration.md
@@ -49,7 +49,7 @@ hide:
 | acl-enable | 启用ACL | no | [yes\|no] <br /> 和client-rules搭配使用。| acl-enable yes | 
 | group-begin | 规则组开始 | 无 | 组名:<br /> 和group-end搭配使用，启用此参数后，group-begin参数之后的配置项将设置到对应的组中，直到group-end结束。| group-begin group-name | 
 | group-end | 规则组结束 | 无 | 和group-begin搭配使用 | group-end |
-| group-match | 匹配组规则 | 无 | 当满足条件时使用对应的规则组<br />[-g\|group group-name]: 指定规则组，可选，不指定时，使用当前group-begin的组。<br />[-client-ip ip/cidr]: 指定客户端IP地址，匹配时，使用指定的组。<br />[-domain domain]: 指定域名，匹配时使用指定的组。 | group-match -client-ip 1.1.1.1 -domain a.com
+| group-match | 匹配组规则 | 无 | 当满足条件时使用对应的规则组<br />[-g\|group group-name]: 指定规则组，可选，不指定时，使用当前group-begin的组。<br />[-client-ip ip-set\|ip/cidr\|mac address]: 指定客户端IP地址，匹配时，使用指定的组。<br />[-domain domain]: 指定域名，匹配时使用指定的组。 | group-match -client-ip 1.1.1.1 -domain a.com <br />group-match -client-ip ip-set:clients -domain domain-set:domainlist
 | conf-file | 附加配置文件 | 无 | path [-g\|group group-name] <br />path: 合法路径字符串，通配符号 <br />[-g\|group]: 对应配置文件配置所属规则组 | conf-file /etc/smartdns/smartdns.more.conf <br /> conf-file \*.conf <br /> conf-file \*.conf -group oversea |
 | server | 上游 UDP DNS | 无 | 可重复。<br />[ip][:port]\|URL：服务器 IP:端口（可选）或 URL <br />[-blacklist-ip]：配置 IP 过滤结果。<br />[-whitelist-ip]：指定仅接受参数中配置的 IP 范围<br />[-g\|-group [group] ...]：DNS 服务器所属组，比如 office 和 foreign，和 nameserver 配套使用<br />[-e\|-exclude-default-group]：将 DNS 服务器从默认组中排除。<br />[-set-mark mark]：设置数据包标记so-mark。<br />[-p\|-proxy name]：设置代理服务器。 <br />[-b\|-bootstrap-dns]：标记此服务器为bootstrap服务器。<br />[-subnet]：指定服务器使用的edns-client-subnet。<br />[-interface]：绑定到对应的网口。| server 8.8.8.8:53 -blacklist-ip -group g1 -proxy proxy<br /> server tls://8.8.8.8|
 | server-tcp | 上游 TCP DNS | 无 | 可重复。<br />[ip][:port]：服务器 IP:端口（可选）<br />[-blacklist-ip]：配置 IP 过滤结果<br />[-whitelist-ip]：指定仅接受参数中配置的 IP 范围。<br />[-g\|-group [group] ...]：DNS 服务器所属组，比如 office 和 foreign，和 nameserver 配套使用<br />[-e\|-exclude-default-group]：将 DNS 服务器从默认组中排除。<br />[-set-mark mark]：设置数据包标记so-mark。<br />[-p\|-proxy name]：设置代理服务器。 <br />[-b\|-bootstrap-dns]：标记此服务器为bootstrap服务器。<br />[-subnet]：指定服务器使用的edns-client-subnet。<br />[-interface]：绑定到对应的网口。| server-tcp 8.8.8.8:53 |
@@ -77,7 +77,7 @@ hide:
 | nftset-debug | 设置 nftset 调试功能启用 | no | [yes\|no] | nftset-debug yes |
 | domain-rules | 设置域名规则 | 无 | domain-rules /domain/ [-rules...]<br />[-c\|-speed-check-mode]：测速模式，参考 speed-check-mode 配置<br />[-a\|-address]：参考 address 配置<br />[-n\|-nameserver]：参考 nameserver 配置<br />[-p\|-ipset]：参考ipset配置<br />[-t\|-nftset]：参考nftset配置<br />[-d\|-dualstack-ip-selection]：参考 dualstack-ip-selection<br /> [-no-serve-expired]：禁用过期缓存<br />[-rr-ttl\|-rr-ttl-min\|-rr-ttl-max]: 参考配置rr-ttl, rr-ttl-min, rr-ttl-max<br />[-no-cache]：不缓存当前域名<br />[-r\|-response-mode]：响应模式，参考 response-mode 配置<br />[-delete]：删除对应的规则<br /> [no-ip-alias]: 忽略ip别名规则| domain-rules /www.example.com/ -speed-check-mode none |
 | domain-set | 设置域名集合 | 无 | domain-set [options...]<br />[-n\|-name]：域名集合名称 <br />[-t\|-type]：域名集合类型，当前仅支持list，格式为域名列表，一行一个域名。<br />[-f\|-file]：域名集合文件路径。<br /> 选项需要配合address, nameserver, ipset, nftset等需要指定域名的地方使用，使用方式为 /domain-set:[name]/| domain-set -name set -type list -file /path/to/list <br /> address /domain-set:set/1.2.4.8 |
-| client-rules | 客户端规则 | 无 | [ip/subnet] [-g\|group group-name] [-rules...] <br />设置客户端规则和规则组，规则参数与bind一样，具体参数选项请参考bind，一般情况搭配group-begin、group-end使用。 | client-rules 192.168.1.1 -g oversea |
+| client-rules | 客户端规则 | 无 | [ip-set\|ip/subnet\|mac address] [-g\|group group-name] [-rules...] 客户端机器参数可以输入IP地址，IP集合，MAC地址。<br />设置客户端规则和规则组，规则参数与bind一样，具体参数选项请参考bind，一般情况搭配group-begin、group-end使用。 | client-rules 192.168.1.1 -g oversea <br />client-rules 00:01:02:03:04:05 <br />client-rules ip-set:clients|
 | bogus-nxdomain | 假冒 IP 地址过滤 | 无 | [ip/subnet]，可重复 | bogus-nxdomain 1.2.3.4/16 |
 | ignore-ip | 忽略 IP 地址 | 无 | [ip/subnet]，可重复 | ignore-ip 1.2.3.4/16 |
 | whitelist-ip | 白名单 IP 地址 | 无 | [ip/subnet]，可重复 | whitelist-ip 1.2.3.4/16 |

diff --git a/docs/index.md b/docs/index.md
@@ -20,6 +20,9 @@ SmartDNS 同时支持指定特定域名 IP 地址，并高性匹配，可达到
 1. **多 DNS 上游服务器** 
  支持配置多个上游 DNS 服务器，并同时进行查询，即使其中有 DNS 服务器异常，也不会影响查询。 
 
+1. **支持每个客户端独立控制** 
+ 支持基于MAC，IP地址控制客户端使用不同查询规则，可实现家长控制等功能。 
+
 1. **返回最快 IP 地址** 
  支持从域名所属 IP 地址列表中查找到访问速度最快的 IP 地址，并返回给客户端，提高网络访问速度。
 

diff --git a/en/docs/config/client-rule.md b/en/docs/config/client-rule.md
@@ -5,7 +5,7 @@ hide:
 
 # Client Rules
 
-smartdns supports setting different rules for clients based on their IP addresses, allowing for:
+smartdns supports setting different rules for clients based on their IP addresses or MAC addresses, allowing for:
 
  * Parental control: Restricting access to specific websites for certain clients.
  * Access control: Prohibiting unauthorized clients from making queries.
@@ -20,6 +20,8 @@ smartdns supports setting different rules for clients based on their IP addresse
  group-begin child
  # Set client IP for the rule group
  client-rules 192.168.1.13
+ # Set client MAC address for the rule group
+ client-rules 01:02:03:04:05:06
  # Set upstream server for the rule group
  server 1.2.3.4 -e
  # Block specific domain

diff --git a/en/docs/config/rule-group.md b/en/docs/config/rule-group.md
@@ -24,8 +24,10 @@ You can specify matching rules using group-match, including client IP: `-client-
  ```
  # Rule begins, named as rule.
  group-begin rule
- # Set matching rules, as follows for matching IP or domain.
+ # Set matching rules, as follows for matching IP, MAC or domain.
  group-match -client-ip 192.168.1.1/24 -domain a.com
+ group-match -client-ip ip-set:clien-ip 
+ group-match -domain domain-set:domain-list
  # Set related rules
  address #
  # Rule ends

diff --git a/en/docs/configuration.md b/en/docs/configuration.md
@@ -45,7 +45,7 @@ hide:
 |acl-enable|enable ACL| no | [yes\|no] <br /> Used with client-rules.| acl-enable yes | 
 |group-begin|rule group start|None|Group name:<br />Used with group-end, when enabled, the configuration items after group-begin will be set to the corresponding group until group-end is encountered.|group-begin group-name|
 |group-end|rule group end| None | Used group-begin.| group-end |
-|group-match| Match group rules | None | Use the corresponding rule group when conditions are met. <br />`[-g\|group group-name]`: Specify the rule group, optional. If not specified, use the group from the current group-begin. <br />`[-client-ip ip/cidr]`: Specify the client IP address, use the specified group when matched. <br />`[-domain domain]`: Specify the domain name, use the specified group when matched. | group-match -client-ip 1.1.1.1 -domain a.com
+|group-match| Match group rules | None | Use the corresponding rule group when conditions are met. <br />`[-g\|group group-name]`: Specify the rule group, optional. If not specified, use the group from the current group-begin. <br />`[-client-ip ip-set\|ip/cidr\|mac address]`: Specify the client IP address, use the specified group when matched. <br />`[-domain domain]`: Specify the domain name, use the specified group when matched. | group-match -client-ip 1.1.1.1 -domain a.com <br /> group-match -client-ip ip-set:clients -domain domain-set:domainlist
 |conf-file|additional conf file|None|file [-g\|-group group-name] <br /> file: File path, wildcard. <br />[-g\|-group group-name]: The rule group to which the corresponding configuration file configuration belongs. |conf-file /etc/smartdns/smartdns.more.conf <br /> conf-file \*.conf <br /> conf-file \*.conf -g group-tv | 
 |server|Upstream UDP DNS server|None|Repeatable <br />`[ip][:port]|URL`: Server IP, port optional OR URL. <br />`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br />`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br />`[-g|-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br />`[-e|-exclude-default-group]`: Exclude DNS servers from the default group. <br />`[-set-mark mark]`: set mark on packets <br /> `[-p|-proxy name]`: set proxy server <br /> `[-b|-bootstrap-dns]`: set as bootstrap dns server <br />[-subnet]：set per server edns-client-subnet. <br />[-interface]: bind to interface. | server 8.8.8.8:53 -blacklist-ip<br />server tls://8.8.8.8
 |server-tcp|Upstream TCP DNS server|None|Repeatable <br />`[ip][:port]`: Server IP, port optional. <br />`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br />`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br />`[-g|-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br />`[-e|-exclude-default-group]`: Exclude DNS servers from the default group <br />`[-set-mark mark]`: set mark on packets <br /> `[-p|-proxy name]`: set proxy server <br /> `[-b|-bootstrap-dns]`: set as bootstrap dns server <br />[-subnet]：set per server edns-client-subnet. <br />[-interface]: bind to interface. | server-tcp 8.8.8.8:53
@@ -73,7 +73,7 @@ hide:
 |nftset-debug|nftset debug enable|no|[yes\|no]|nftset-debug yes
 |domain-rules|set domain rules|None|domain-rules /domain/ [-rules...]<br />[-c\|-speed-check-mode]: set speed check mode, same as parameter `speed-check-mode`<br />[-a\|-address]: same as parameter `address` <br />[-n\|-nameserver]: same as parameter `nameserver`<br />[-p|-ipset]: same as parameter `nftset`<br />[-t\|-nftset]: same as parameter `nftset`<br />[-d\|-dualstack-ip-selection]: same as parameter `dualstack-ip-selection`<br /> [-no-serve-expired]: disable serve expired<br />[-rr-ttl\|-rr-ttl-min\|-rr-ttl-max]: same as parameter: `rr-ttl`, `rr-ttl-min`, `rr-ttl-max`<br />[-no-cache]：not cache this domain.<br />[-r\|-response-mode]：response mode, same as `response-mod`e<br />[-delete]: delete rule <br /> [no-ip-alias]: ignore ip-alias rule|domain-rules /www.example.com/ -speed-check-mode none
 | domain-set | collection of domains|None| domain-set [options...]<br />[-n\|-name]: name of set <br />[-t\|-type] [list]: set type, only support list, one domain per line <br />[-f\|-file]: file path of domain set<br /> used with address, nameserver, ipset, nftset, example: /domain-set:[name]/ | domain-set -name set -type list -file /path/to/list <br /> address /domain-set:set/1.2.4.8 |
-|client-rules| Client rules | None | [ip/subnet] [-g\|group group-name] [-rules...] <br />Set client rules and rule groups, the rule parameters are the same as bind, please refer to bind for specific parameter options. Generally used with group-begin, group-end. | client-rules 192.168.1.1 -g group-tv |
+|client-rules| Client rules | None | [ip-set\|ip/subnet\|mac address] [-g\|group group-name] [-rules...] <br />Set client rules and rule groups, the rule parameters are the same as bind, please refer to bind for specific parameter options. Generally used with group-begin, group-end. | client-rules 192.168.1.1 -g group-tv <br />client-rules 00:01:02:03:04:05 <br /> client-rules ip-set:clients|
 |bogus-nxdomain|bogus IP address|None|[IP/subnet], Repeatable| bogus-nxdomain 1.2.3.4/16
 |ignore-ip|ignore ip address|None|[ip/subnet], Repeatable| ignore-ip 1.2.3.4/16
 |whitelist-ip|ip whitelist|None|[ip/subnet], Repeatable, When the filtering server responds IPs in the IP whitelist, only result in whitelist will be accepted| whitelist-ip 1.2.3.4/16

diff --git a/en/docs/index.md b/en/docs/index.md
@@ -19,6 +19,9 @@ Support Raspberry Pi, openwrt, ASUS router, Windows and other devices.
 1. **Multiple upstream DNS servers** 
  Support configuring multiple upstream DNS servers and query at the same time.the query will not be affected, Even if there is a DNS server exception. 
 
+1. **Support per-client query control** 
+ Support controlling clients using different query rules based on MAC and IP addresses, enabling features such as parental control. 
+
 1. **Return the fastest IP address** 
  Supports finding the fastest access IP address from the IP address list of the domain name and returning it to the client to avoid DNS pollution and improve network access speed.