Plucky rules change what you are able to access over the Internet, and which programs are allowed to access the Internet. They live in your Plucky configurations, and they always contain one of allow
, block
, blot
, or flee
, or one of unallow
, unblock
, unblot
, or unflee
.
Recall that rules can be added in one of 3 places.
Example Rules
Here are some example Plucky rules in textual form:
block image/
allow example.com
allow 127.0.0.1
block facebook.com
flee word:pizza
The above 5 rules tell Plucky to block images by default, to allow all content from example.com or 127.0.0.1, to block facebook.com, and to flee any website containing the word “pizza”.
A rule consists of an action, a context, and optionally a when modifier.
How to add a rule
A rule can be added in the browser, in a console, or on the user site.
How to remove a rule
A rule can be removed in the browser, in a console, or on the user site.
Action
All rules contain an action that is either allow
, block
, blot
, flee
, or one of their respective “undo” actions (unallow
, unblock
, unblot
, unflee
).
- allow
- Allow some specific context.
- block
- Block some specific context.
- blot
- Block imagery on a webpage.
- flee
- Flee a word or website.
- unallow
- Undo an allow rule. This is weaker than
block
. - unblock
- Undo a block rule This is weaker than
allow
, and bothflee
andblot
will still have effect on an unblocked (but not allowed) web page. - unblot
- Undo a blot rule. This can be used to negate a blot rule that would otherwise cause some web pages to be blotted.
- unflee
- Undo a flee rule. This can be used to negate a flee rule that would otherwise cause some web pages to be blocked.
allow
allow example.com
block
block example.com
blot
blot word pizza
blot word spaghetti sauce
The blot
action instructs Plucky to block imagery on webpages containing the indicated words.
flee
flee host obviouslybad.com
flee url https://example.com/obviously-bad
flee word pizza
flee word spaghetti sauce
The flee
action is similar to block
, but stronger. While block
will block access to a particular host or url, flee
will block any webpage that even contains a hyperlink to a particular host or url or that contains a certain word. Generally, you use flee
when the thing being fled is so obviously bad that any site that even mentions the term is probably also bad and worth blocking.
One may flee the following 3 contexts:
- hosts
- urls
- words
unallow
In this example, images will be blocked on http://example.com/questionable-page :
block image/
allow http://example.com/
unallow http://example.com/questionable-page
unblock
In this example, http://example.com/fine-page will be accessible but with images blocked , and http://example.com/ will not be accessible at all.
block image/
block http://example.com/
unblock http://example.com/fine-page
unblot
In this example, http://example.com/fine-page will not be blotted, even if it contains the word “pizza”.
blot word pizza
unblot http://example.com/fine-page word pizza
unblot
In this example, the page http://example.com/fine-page will not be blocked if it contains the word “pizza”.
flee word pizza
unflee http://example.com/fine-page word pizza
Context
A context can be a hostname, ipv4 address, ipv6 address, port, program name, media type, url, username, word (flee rules only), one of the special terms everything
or otherwise
, or some combination of these contexts.
host
allow example.com
block bb.example.com
allow host edu
A rule for a host
automatically affects all subdomains of that host. A top-level host must be qualified with host
. E.g., allow host edu
.
ipv4
allow 192.168.1.1
allow 192.168.1.0
allow 192.168.0.0
IP addresses ending in 0 affect the entire subnet.
ipv6
allow ::1
port
block port 80
A port requires an explicit port
qualification. E.g. allow port 22
protocol
block protocol wss
block protocol about
A protocol can be used to block some non-https urls in the browser. E.g., wss:, ws:, about:, etc.
program
block program calc.exe
allow program C:\Program Files\Visual Studio\code.exe
block program C:\Program Files\Visual Studio\code.exe
allow program /bin/curl
A program filename, a file system directory, or a full program pathname may be used.
Note that you can combine contexts to only allow programs access to some destinations. For example,
allow 10.10.0.0 program curl
allow github.com program curl
allow host edu program curl
allow user:peter host:live.com program:microsoft teams helper
See also nhb.
mediaType
block image/
allow image/svg
Either major media types or full media types can be used. See media types.
user
allow user susan
block user edmund
The user name must match that of a user on the local computer.
On Windows machines, some users have reported allow user
being innefective if the target of the rule is using a Microsoft acount. It’s recommended to use a local account for each user on the machine to avoid headaches.
url
allow http://example.com/a/b/c
block http://example.com/a/b
A rule for a urls automatically affects all suburls.
word (blot and flee rules only)
flee word pizza
flee word spaghetti sauce
See flee
everything
block everything
The everything
context can be used to allow
or block
everything. This is sometimes called a blackout (block everything
) or whiteout (allow everything
).
otherwise
allow otherwise
The otherwise
context can be used to specify what Plucky should do when no more specific context matches.
Precedence
When more than one rule can be applied, which one has precedence?
Rule priority is not baked in stone, but roughly speaking, the more specific rule should win. Let’s look at some examples.
Example 1 : youtube.com vs www.youtube.com
block youtube.com
allow www.youtube.com
Will https://www.youtube.com/ be blocked or not given the above two rules?
Short Answer: The main web page, https://www.youtube.com/ will not be blocked because allow www.youtube.com
is more specific than block youtube.com
.
Longer answer: Some sub-resources may be blocked, because some sub-resources may come from https://api.youtube.com/ , and allow www.youtube.com
is irrelevant to api.youtube.com, but block youtube.com
is relevant, and will instruct Plucky to block.
Advice: Avoid adding rules for both a domain and its subdomain (e.g., for youtube.com
and www.youtube.com
) because the result is almost never what you want. The main exceptions to this are huge sites such as google.com that has accounts.google.com, mail.google.com, store.google.com, etc.
Example 2 : https://www.youtube.com/ vs youtube.com
block youtube.com
allow https://www.youtube.com/
Will https://www.youtube.com/ be blocked or not given the above two rules?
In Plucky 1.14.10+, https://www.youtube.com/ will be blocked, but in older versions, https://www.youtube.com/ was allowed.
Advice: Do not mix url and host rules. If you want to block or allow an entire host, then use a host rule, but if you want to allow some urls, but not others on a given site, then use only url rules for that host.
Example 3 : https://www.youtube.com/ vs https://www.youtube.com/watch
allow https://www.youtube.com/
block https://www.youtube.com/watch
Will https://www.youtube.com/ be blocked or not given the above two rules?
https://www.youtube.com/ won’t be blocked, but https://www.youtube.com/watch?v=ZpNGsZvM7VY will be blocked.
Example 4 : program vs url
allow program chrome.exe
block https://www.youtube.com/
Will youtube be allowed?
In Chrome, yes, https://www.youtube.com/ will be allowed because the allow program chrome
rule is high priority.
Example 5 : user vs url
allow user jon
block https://www.youtube.com/
Will youtube be allowed?
For jon, yes, https://www.youtube.com/ will be allowed because the allow user jon
rule is high priority.
Example 6 : everything vs url
allow everything
block https://www.youtube.com/
Will youtube be allowed?
Yes, because allow everything
is nearly the highest priority rule possible, second only to block everything
.
Last updated: 2024-11-21