From 6ab43e7ab5845033e4823fe33319dfe6f2047c55 Mon Sep 17 00:00:00 2001
From: Patrick Del Conte
Date: Wed, 27 Dec 2023 11:04:28 +0100
Subject: [PATCH] allow restriction of destination ip address
ALLOWED_DEST_FQDN can also match IP if FQDN is not defined
---
README.md | 2 +-
ruleset.go | 11 +++++++++--
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 79bfca0..0c72e70 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,7 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d
|PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
|PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
|PROXY_PORT|String|1080|Set listen port for application inside docker container|
-|ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all.|
+|ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all. Examples "(192.168.0.1|go.dev)"|
|ALLOWED_IPS|String|Empty|Set allowed IP's that can connect to proxy, separator `,`|
diff --git a/ruleset.go b/ruleset.go
index 4b9f6d6..b83c0fe 100644
--- a/ruleset.go
+++ b/ruleset.go
@@ -19,6 +19,13 @@ type PermitDestAddrPatternRuleSet struct {
}
func (p *PermitDestAddrPatternRuleSet) Allow(ctx context.Context, req *socks5.Request) (context.Context, bool) {
- match, _ := regexp.MatchString(p.AllowedFqdnPattern, req.DestAddr.FQDN)
- return ctx, match
+ var match bool
+ if req.DestAddr.FQDN != nil {
+ match, _ = regexp.MatchString(p.AllowedFqdnPattern, *req.DestAddr.FQDN)
+ } else if req.DestAddr.IP != nil {
+ match, _ = regexp.MatchString(p.AllowedFqdnPattern, *req.DestAddr.IP)
+ } else {
+ match = true
+ }
+ return ctx, match
}
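Review bot: The final `else` branch sets `match = true`, so a request that carries neither an FQDN nor an IP skips the allow-list entirely; a permit rule should fail closed there, `match = false`. The removed line passed `req.DestAddr.FQDN` straight to `regexp.MatchString`, which suggests the field is a plain string rather than a pointer, so the new `!= nil` test and the `*` dereferences (on `IP` as well) may not compile against that type; please confirm against the socks5 package's address struct, and if `IP` is a `net.IP`, match on `req.DestAddr.IP.String()`. `regexp.MatchString` is unanchored and the README example leaves the dots unescaped, so `(192.168.0.1|go.dev)` also accepts any destination that merely contains a match, for instance the longer address `192.168.0.10`; wrapping the pattern as `^(?:...)$` and documenting escaped dots would make the restriction mean what operators expect. The error from `regexp.MatchString` is still discarded, so an invalid pattern silently denies everything; compiling it once at startup with `regexp.Compile` and rejecting a bad value would surface that misconfiguration and avoid recompiling on every request.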