-rw-r--r-- | dante/sockd.conf | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/dante/sockd.conf b/dante/sockd.conf
new file mode 100644
index 0000000..b2d3d0b
--- /dev/null
+++ b/dante/sockd.conf
@@ -0,0 +1,43 @@
+# Log locations (what to log is defined below)
+logoutput: stdout /var/log/sockd.log
+
+# Traffic comes to "proxy" interface to get sent via "eth0"
+internal: proxy port = 1080
+external: eth0
+
+# No authentication, let the VPN handle this
+socksmethod: none
+clientmethod: none
+
+# Don't run as root, you dummy
+user.privileged: sockd
+user.unprivileged: sockd
+
+# Use same port as client, uncomment to do this for <1024 too
+#compatibility: sameport
+
+# Rules when a client is trying to connect
+client pass {
+ from: 172.16.0.0/24 port 1024-65535 to: 0.0.0.0/0
+ log: connect disconnect
+}
+client block {
+ from: 0.0.0.0/0 to: 0.0.0.0/0
+ log: connect error
+}
+
+# Rules once a client has connected
+socks block {
+ from: 0.0.0.0/0 to: 127.0.0.1/8
+ log: connect error
+}
+socks pass {
+ from: 172.16.0.0/24 to: 0.0.0.0/0
+ protocol: tcp udp
+ log: connect disconnect
+}
+socks block {
+ from: 0.0.0.0/0 to: 0.0.0.0/0
+ log: connect error
+}
+
|
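Review bot: The only destination excluded before the broad `socks pass` is loopback, so any 172.16.0.0/24 client can be relayed out of eth0 to every other address the proxy host can route to, including the host's own non-loopback addresses, link-local 169.254.0.0/16 and any private ranges behind eth0. With `socksmethod: none` and `clientmethod: none`, these rules are the only access control the proxy applies itself, so I would add explicit `socks block` rules ahead of the pass for the ranges clients must not reach; which ranges those are cannot be seen from this file, and the one in the fence is an example. The loopback rule would also read more clearly as the network address, `to: 127.0.0.0/8`. The pass rule has no `command:` line, which as far as I know leaves BIND permitted alongside CONNECT and UDP associate; a `command:` restriction there would narrow it, but check how UDP replies are matched before relying on it.
```conf
# … unchanged: loopback block rule …
socks block {
        # example range (link-local); add the site's own internal ranges the same way
        from: 0.0.0.0/0 to: 169.254.0.0/16
        log: connect error
}
socks pass {
        from: 172.16.0.0/24 to: 0.0.0.0/0
        command: connect udpassociate
        # … unchanged: protocol and log lines …
}
```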