-
Notifications
You must be signed in to change notification settings - Fork 1
/
danted.conf
79 lines (74 loc) · 2.09 KB
/
danted.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
logoutput: syslog stdout
# TLS internal: lo port = 1081
# NOTLS internal: 0.0.0.0 port = 1080
external: eth0
clientmethod: none
socksmethod: username
user.privileged: root
user.unprivileged: nobody
user.libwrap: nobody
# TLS # Only allow client connexion from and to 127.0.0.1 (from local stunnel)
# TLS client pass {
# TLS from: 127.0.0.1/32 to: 127.0.0.1/32
# TLS }
# TLS client block {
# TLS from: 0.0.0.0/0 to: 0.0.0.0/0
# TLS }
# NOTLS client pass {
# NOTLS from: 0.0.0.0/0 to: 0.0.0.0/0
# NOTLS }
# https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
# https://en.wikipedia.org/wiki/Reserved_IP_addresses
socks block {
from: 0.0.0.0/0 to: 0.0.0.0/8 # Reserved for self-identification
}
socks block {
from: 0.0.0.0/0 to: 10.0.0.0/8 # Reserved for Private Networks
}
socks block {
from: 0.0.0.0/0 to: 100.64.0.0/10 # Reserved for self-identification
}
socks block {
from: 0.0.0.0/0 to: 127.0.0.0/8 # Reserved for Loopback
}
socks block {
from: 0.0.0.0/0 to: 169.254.0.0/16 # Reserved for link-local addressing
}
socks block {
from: 0.0.0.0/0 to: 172.16.0.0/12 # Reserved for Private Networks
}
socks block {
from: 0.0.0.0/0 to: 192.0.0.0/24 # Reserved for IETF Protocol Assignments
}
socks block {
from: 0.0.0.0/0 to: 192.0.2.0/24 # Reserved for TEST-NET-1
}
socks block {
from: 0.0.0.0/0 to: 192.168.0.0/16 # Reserved for Private Networks
}
socks block {
from: 0.0.0.0/0 to: 198.18.0.0/15 # Reserved for Benchmark testing
}
socks block {
from: 0.0.0.0/0 to: 198.51.100.0/24 # Reserved for TEST-NET-2
}
socks block {
from: 0.0.0.0/0 to: 203.0.113.0/24 # Reserved for TEST-NET-3
}
socks block {
from: 0.0.0.0/0 to: 224.0.0.0/4 # Reserved for Multicast
}
socks block {
from: 0.0.0.0/0 to: 240.0.0.0/4 # Reserved for Future use
}
socks block {
from: 0.0.0.0/0 to: 255.255.255.255/32 # Reserved for broadcast
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: connect
}
# Block every other SOCKS5 command and ipv6
socks block {
from: 0/0 to: 0/0
}