README: update TLS/SSL SNI blocklist to XDP

Lunatik sni filter currently does not work for BPFire when chrome browser is used due to clienthello > 1500 bytes, XDP TLS/SSL has the same issue, to block domain access, it appears XDP DNS domain blocking works more reliable than SNI, so if there is need to block chrome browser for some domain, use XDP DNS domain blocking as mitigation. see #40 Signed-off-by: Vincent Li <[email protected]>
vincentmli · Oct 1, 2024 · 17d5413 · 17d5413
1 parent c1281a4
commit 17d5413
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ BPFire 基于IPFire 2.x, 一个基于Linux的安全坚固、多功能、先进
 
 1. XDP DDoS protection, See XDP SYNPROXY stops 10G DDoS SYN flood [here](https://www.youtube.com/watch?v=81Hgoy-x1A4)
 2. XDP DNS domain blocklist, ratelimit protection
-3. Lunatik LuaXDP SSL/TLS server name indication (SNI) blocklist, see [Lunatik](https://github.com/luainkernel/lunatik)
+3. XDP SSL/TLS server name indicator (SNI) blocklist
 4. eBPF based LoxiLB load balancer, Firewall, Proxy, see full features [LoxiLB](https://loxilb-io.github.io/loxilbdocs/#overall-features-of-loxilb)
 
 # Where can I get BPFire installation ISO or flash image?