diff --git a/README.md b/README.md
index 5008a13..6fa7e57 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,13 @@ Simple socks5 server using go-socks5 with authentication options
 
 ## Start container with proxy
 
-```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD>  serjs/go-socks5-proxy```
+```
+docker run -d --name socks5 -p 1080:1080 \
+    -e PROXY_USER=<PROXY_USER> \
+    -e PROXY_PASSWORD=<PROXY_PASSWORD> \
+    -e ALLOWED_DEST_FQDN=<REGEX_PATTERN> \
+    serjs/go-socks5-proxy
+```
 
 Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server.
 
@@ -18,6 +24,7 @@ Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options wh
 |PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
 |PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
 |PROXY_PORT|String|1080|Set listen port for application inside docker container|
+|ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all.|
 |TZ|String|UTC|Set Timezone like in many common Operation Systems|
 |ALLOWED_IPS|String|Empty|Set allowed IP's that can connect to proxy, separator `,`|
 
diff --git a/ruleset.go b/ruleset.go
new file mode 100644
index 0000000..4b9f6d6
--- /dev/null
+++ b/ruleset.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"regexp"
+
+	"github.com/armon/go-socks5"
+	"golang.org/x/net/context"
+)
+
+// PermitDestAddrPattern returns a RuleSet which selectively allows addresses
+func PermitDestAddrPattern(pattern string) socks5.RuleSet {
+	return &PermitDestAddrPatternRuleSet{pattern}
+}
+
+// PermitDestAddrPatternRuleSet is an implementation of the RuleSet which
+// enables filtering supported destination address
+type PermitDestAddrPatternRuleSet struct {
+	AllowedFqdnPattern string
+}
+
+func (p *PermitDestAddrPatternRuleSet) Allow(ctx context.Context, req *socks5.Request) (context.Context, bool) {
+	match, _ := regexp.MatchString(p.AllowedFqdnPattern, req.DestAddr.FQDN)
+	return ctx, match
+}
diff --git a/server.go b/server.go
index 41d28ae..921f1ac 100644
--- a/server.go
+++ b/server.go
@@ -10,10 +10,11 @@ import (
 )
 
 type params struct {
-	User       string   `env:"PROXY_USER" envDefault:""`
-	Password   string   `env:"PROXY_PASSWORD" envDefault:""`
-	Port       string   `env:"PROXY_PORT" envDefault:"1080"`
-	AllowedIPs []string `env:"ALLOWED_IPS" envSeparator:"," envDefault:""`
+	User            string    `env:"PROXY_USER" envDefault:""`
+	Password        string    `env:"PROXY_PASSWORD" envDefault:""`
+	Port            string    `env:"PROXY_PORT" envDefault:"1080"`
+	AllowedDestFqdn string    `env:"ALLOWED_DEST_FQDN" envDefault:""`
+	AllowedIPs      []string  `env:"ALLOWED_IPS" envSeparator:"," envDefault:""`
 }
 
 func main() {
@@ -25,7 +26,7 @@ func main() {
 	}
 
 	//Initialize socks5 config
-	socsk5conf := &socks5.Config{
+	socks5conf := &socks5.Config{
 		Logger: log.New(os.Stdout, "", log.LstdFlags),
 	}
 
@@ -34,10 +35,14 @@ func main() {
 			os.Getenv("PROXY_USER"): os.Getenv("PROXY_PASSWORD"),
 		}
 		cator := socks5.UserPassAuthenticator{Credentials: creds}
-		socsk5conf.AuthMethods = []socks5.Authenticator{cator}
+		socks5conf.AuthMethods = []socks5.Authenticator{cator}
 	}
 
-	server, err := socks5.New(socsk5conf)
+	if cfg.AllowedDestFqdn != "" {
+		socks5conf.Rules = PermitDestAddrPattern(cfg.AllowedDestFqdn)
+	}
+
+	server, err := socks5.New(socks5conf)
 	if err != nil {
 		log.Fatal(err)
 	}