Pluckeye rules change what you are able to access over the Internet, and which programs are allowed to access the Internet. They live in your Pluckeye configurations, and they always contain one of allow, block, or flee.

Recall that rules can be added in one of 3 places.

Example Rules

Here are some example Pluckeye rules in textual form:

block image/
allow example.com
allow 127.0.0.1
block facebook.com
flee word:pizza

The above 5 rules tell Pluckeye to block images by default, to allow all content from example.com or 127.0.0.1, to block facebook.com, and to flee any website containing the word “pizza”.

A rule consists of an action, a context, and optionally a when modifier.

How to add a rule

A rule can be added in the browser, in a console, or on the user site.

How to remove a rule

A rule can be removed in the browser, in a console, or on the user site.

Action

All rules contain an action that is either allow, block, or flee.

allow
allow some specific context
block
block some specific context
flee
flee a word or website

allow

allow example.com

block

block example.com

flee

flee host obviouslybad.com
flee url https://example.com/obviously-bad
flee word pizza

The flee action is similar to block, but stronger. While block will block a particular host or url, flee will block any webpage that links to a particular host or url or that contains a certain word.

One may flee the following 3 contexts:

  1. hosts
  2. urls
  3. words

Context

A context can be a hostname, ipv4 address, ipv6 address, port, program name, media type, url, username, word (flee rules only), one of the special terms everything or otherwise, or some combination of these contexts.

host

allow example.com
block bb.example.com
allow .edu

A rule for a host automatically affects all subdomains of that host. A top-level host must be qualified with host or with an explicit . E.g., allow .edu.

ipv4

allow 192.168.1.1
allow 192.168.1.0
allow 192.168.0.0

IP addresses ending in 0 affect the entire subnet.

ipv6

allow ::1

port

block port 80

A port requires an explicit port qualification. E.g. allow port 22

program

block program calc.exe
allow program C:\Program Files\Visual Studio\code.exe
block program C:\Program Files\Visual Studio\code.exe
allow program /bin/curl

A program filename, a file system directory, or a full program pathname may be used.

See also nhb.

mediaType

block image/
allow image/svg

Either major media types or full media types can be used. See media types.

user

allow user susan
block user edmund

The user name must match that of a user on the local computer.

url

allow http://example.com/a/b/c
block http://example.com/a/b

A rule for a urls automatically affects all suburls.

word (flee rules only)

flee word pizza
flee host example.com

See flee

everything

block everything

The everything context can be used to allow or block everything. This is sometimes called a blackout (block everything) or whiteout (allow everything).

otherwise

allow otherwise

The otherwise context can be used to specify what Pluckeye should do when no more specific context matches.