diff --git a/dns/dns.go b/dns/dns.go
index 8768974..ae18ae3 100644
--- a/dns/dns.go
+++ b/dns/dns.go
@@ -53,7 +53,7 @@ func (d *Dns) ResolveHost(ctx context.Context, host string, enableDoh bool, useS
 ctx, cancel := context.WithTimeout(ctx, 3*time.Second)
 defer cancel()
- logger.Debug().Msgf("resolving %s using %s", host, clt)
+ logger.Info().Msgf("resolving %s using %s", host, clt)
 t := time.Now()
diff --git a/proxy/proxy.go b/proxy/proxy.go
index e936051..79edbe8 100644
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -16,24 +16,26 @@ import (
 const scopeProxy = "PROXY"
 type Proxy struct {
- addr string
- port int
- timeout int
- resolver *dns.Dns
- windowSize int
- enableDoh bool
- allowedPattern []*regexp.Regexp
+ addr string
+ port int
+ timeout int
+ resolver *dns.Dns
+ windowSize int
+ enableDoh bool
+ allowedPattern []*regexp.Regexp
+ unallowedPattern []*regexp.Regexp
 }
 func New(config *util.Config) *Proxy {
 return &Proxy{
- addr: config.Addr,
- port: config.Port,
- timeout: config.Timeout,
- windowSize: config.WindowSize,
- enableDoh: config.EnableDoh,
- allowedPattern: config.AllowedPatterns,
- resolver: dns.NewDns(config),
+ addr: config.Addr,
+ port: config.Port,
+ timeout: config.Timeout,
+ windowSize: config.WindowSize,
+ enableDoh: config.EnableDoh,
+ allowedPattern: config.AllowedPatterns,
+ unallowedPattern: config.UnallowedPatterns,
+ resolver: dns.NewDns(config),
 }
 }
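Review bot: Raising the `resolving ...` line in ResolveHost (dns/dns.go) from Debug to Info writes every hostname the proxy resolves to the default log output, which for this kind of tool is effectively a record of the user's browsing, and the change looks unrelated to the anti-pattern feature in the rest of the commit. If it was a debugging leftover, keep it at Debug. `host` presumably originates from the client request, so `%q` would also keep control characters out of the log line: `logger.Debug().Msgf("resolving %q using %s", host, clt)`. ResolveHost begins and ends outside this hunk.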
@@ -109,17 +111,27 @@ func (pxy *Proxy) Start(ctx context.Context) {
 }
 func (pxy *Proxy) patternMatches(bytes []byte) bool {
- if pxy.allowedPattern == nil {
+ if pxy.allowedPattern == nil && pxy.unallowedPattern == nil {
 return true
 }
- for _, pattern := range pxy.allowedPattern {
+ if pxy.unallowedPattern == nil {
+ for _, pattern := range pxy.allowedPattern {
+ if pattern.Match(bytes) {
+ return true
+ }
+ }
+ return false
+
+ }
+
+ for _, pattern := range pxy.unallowedPattern {
 if pattern.Match(bytes) {
- return true
+ return false
 }
 }
- return false
+ return true
 }
 func isLoopedRequest(ctx context.Context, ip net.IP) bool {
diff --git a/util/args.go b/util/args.go
index a5edce6..1b44230 100644
--- a/util/args.go
+++ b/util/args.go
@@ -6,18 +6,19 @@ import (
 )
 type Args struct {
- Addr string
- Port int
- DnsAddr string
- DnsPort int
- EnableDoh bool
- Debug bool
- NoBanner bool
- SystemProxy bool
- Timeout int
- AllowedPattern StringArray
- WindowSize int
- Version bool
+ Addr string
+ Port int
+ DnsAddr string
+ DnsPort int
+ EnableDoh bool
+ Debug bool
+ NoBanner bool
+ SystemProxy bool
+ Timeout int
+ AllowedPattern StringArray
+ UnallowedPattern StringArray
+ WindowSize int
+ Version bool
 }
 type StringArray []string
@@ -54,6 +55,11 @@ fragmentation for the first data packet and the rest
 "pattern",
 "bypass DPI only on packets matching this regex pattern; can be given multiple times",
 )
+ flag.Var(
+ &args.UnallowedPattern,
+ "anti-pattern",
+ "bypass DPI on all packets except matching this regex pattern; can be given multiple times",
+ )
 flag.Parse()
diff --git a/util/config.go b/util/config.go
index b303c1b..72c091d 100644
--- a/util/config.go
+++ b/util/config.go
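Review bot: In patternMatches (proxy/proxy.go), once any `anti-pattern` is configured the `allowedPattern` list is never consulted, so a user who passes both flags has the allow list silently dropped; the new branches also leave a stray blank line before the closing brace of the `unallowedPattern == nil` block. If exclusions are meant to take precedence while the allow list still narrows what remains, check the deny list first and fall through to the allow list as in the rewrite below; otherwise reject the combination when the config is loaded. Testing `len(...) == 0` instead of `== nil` also keeps an empty non-nil slice from changing the result. The function starts and ends inside this hunk.

```go
func (pxy *Proxy) patternMatches(bytes []byte) bool {
	// Exclusions win: a packet matching any anti-pattern is never treated.
	for _, pattern := range pxy.unallowedPattern {
		if pattern.Match(bytes) {
			return false
		}
	}

	// No allow list configured: everything not excluded matches.
	if len(pxy.allowedPattern) == 0 {
		return true
	}

	for _, pattern := range pxy.allowedPattern {
		if pattern.Match(bytes) {
			return true
		}
	}
	return false
}
```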
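Review bot: The help text added for `anti-pattern` in util/args.go does not say how the flag interacts with `pattern`, and as patternMatches is written in this commit the `pattern` list is ignored whenever an `anti-pattern` is present. The usage string should state that, for example `"bypass DPI on all packets except those matching this regex pattern; can be given multiple times; when set, -pattern is ignored"`, or whatever precedence is finally chosen. The flag is also named `anti-pattern` while the fields are `UnallowedPattern`/`unallowedPattern`; one vocabulary would be easier to follow. The function containing this `flag.Var` call starts and ends outside the hunk.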
@@ -9,17 +9,18 @@ import (
 )
 type Config struct {
- Addr string
- Port int
- DnsAddr string
- DnsPort int
- EnableDoh bool
- Debug bool
- NoBanner bool
- SystemProxy bool
- Timeout int
- WindowSize int
- AllowedPatterns []*regexp.Regexp
+ Addr string
+ Port int
+ DnsAddr string
+ DnsPort int
+ EnableDoh bool
+ Debug bool
+ NoBanner bool
+ SystemProxy bool
+ Timeout int
+ WindowSize int
+ AllowedPatterns []*regexp.Regexp
+ UnallowedPatterns []*regexp.Regexp
 }
 var config *Config
@@ -41,18 +42,19 @@ func (c *Config) Load(args *Args) {
 c.NoBanner = args.NoBanner
 c.SystemProxy = args.SystemProxy
 c.Timeout = args.Timeout
- c.AllowedPatterns = parseAllowedPattern(args.AllowedPattern)
+ c.AllowedPatterns = parsePattern(args.AllowedPattern)
+ c.UnallowedPatterns = parsePattern(args.UnallowedPattern)
 c.WindowSize = args.WindowSize
 }
-func parseAllowedPattern(patterns StringArray) []*regexp.Regexp {
- var allowedPatterns []*regexp.Regexp
+func parsePattern(patterns StringArray) []*regexp.Regexp {
+ var result []*regexp.Regexp
 for _, pattern := range patterns {
- allowedPatterns = append(allowedPatterns, regexp.MustCompile(pattern))
+ result = append(result, regexp.MustCompile(pattern))
 }
- return allowedPatterns
+ return result
 }
 func PrintColoredBanner() {
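Review bot: `regexp.MustCompile(pattern)` in parsePattern (util/config.go) panics on an invalid expression, and this commit now routes a second user-supplied flag through it, so a typo in `anti-pattern` ends the process with a stack trace rather than a usage error. Prefer `re, err := regexp.Compile(pattern)` and report the failure together with the offending pattern, which means `Load` has to handle or propagate that error. parsePattern is fully inside the hunk; `Load` starts above it.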