allow restriction of destination ip address

ALLOWED_DEST_FQDN can also match IP if FQDN is not defined
This commit is contained in:
Patrick Del Conte 2023-12-27 11:04:28 +01:00 committed by Patrick Del Conte
parent d0347549a4
commit 6ab43e7ab5
2 changed files with 10 additions and 3 deletions

View File

@ -24,7 +24,7 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d
|PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)| |PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
|PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER| |PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
|PROXY_PORT|String|1080|Set listen port for application inside docker container| |PROXY_PORT|String|1080|Set listen port for application inside docker container|
|ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all.| |ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all. Examples "(192.168.0.1|go.dev)"|
|ALLOWED_IPS|String|Empty|Set allowed IP's that can connect to proxy, separator `,`| |ALLOWED_IPS|String|Empty|Set allowed IP's that can connect to proxy, separator `,`|

View File

@ -19,6 +19,13 @@ type PermitDestAddrPatternRuleSet struct {
} }
func (p *PermitDestAddrPatternRuleSet) Allow(ctx context.Context, req *socks5.Request) (context.Context, bool) { func (p *PermitDestAddrPatternRuleSet) Allow(ctx context.Context, req *socks5.Request) (context.Context, bool) {
match, _ := regexp.MatchString(p.AllowedFqdnPattern, req.DestAddr.FQDN) var match bool
return ctx, match if req.DestAddr.FQDN != nil {
match, _ = regexp.MatchString(p.AllowedFqdnPattern, *req.DestAddr.FQDN)
} else if req.DestAddr.IP != nil {
match, _ = regexp.MatchString(p.AllowedFqdnPattern, *req.DestAddr.IP)
} else {
match = true
}
return ctx, match
} }