Adblock Engine

VPN encryption protects your packet in transit, but it does nothing to stop the servers you connect to from tracking you. Tunnely integrates a system-wide DNS sinkhole directly into the client daemon to execute tracker payloads before they load.

The Sinkhole Mechanism

In the application dashboard, you can toggle CyberSec on or off. This maps to the cyberSecEnabled parameter in the local daemon state.

When enabled, Tunnely injects a local DNS resolver (127.0.0.1:53) into the virtual WireGuard interface routing table. Before any outbound packet enters the mesh, the operating system asks this local resolver where the domain name is located.

[Web Browser] -- requests --> "google-analytics.com"
       ↓
[Tunnely Local DNS Resolver]
       ↓
[Rust Adblock Filter Engine] --> Matches blocklist rule (*.google-analytics.com)
       ↓
[Result] --> Returns "0.0.0.0" directly to browser (Sinkholed)

Brave's Rust Engine

Rather than building a subpar regular expression engine from scratch, the Tunnely daemon embeds adblock-rust, the exact underlying C++-compatible Rust crate that powers the Brave Browser's native adblocking capabilities.

This engine evaluates network requests against over 300,000 active rules in under 15 microseconds, providing a zero-latency browsing experience while instantly neutralizing:

• Cross-site trackers and telemetry pingbacks.
• Known malware distribution grids.
• Aggressive crypto-mining scripts.
• Intrusive visual advertisements that drain bandwidth.

Filter Lists

By default, the daemon fetches and aggregates the following filter lists upon initialization:

• EasyList (Standard adblocking)
• EasyPrivacy (Anti-tracking)
• Peter Lowe's Ad/Tracking List
• Tunnely Core Telemetry Filters (Custom rulesets targeting OS-level data collection)

These lists are safely cached locally within your application data directory to ensure immediate protection upon system boot, prior to establishing a connection with the distant relay mesh.