Closed auyongtc closed 10 years ago
Currently sniproxy doesn't support access lists. I haven't considered this a high priority:
See also #93, #44
Thanks for the detailed response! The reason for asking this is because iptables is not useful in my situation where ISPs in my country use mandatory transparent proxies (a whole cluster of them) for any outgoing HTTP port 80 connections.
I don't see how outbound transparent proxies for port 80 prevent using iptables on inbound traffic to whatever port SNIProxy is listening on:
iptables -A INPUT -m tcp -p tcp -s $TRUSTED_IP1 --dport $SNIPROXY_PORT -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s $TRUSTED_IP2 --dport $SNIPROXY_PORT -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport $SNIPROXY_PORT -j DROP
Alternatively, you could try verifying new connections in accept_connection() with TCP wrappers or similar. Be sure to return 1 when rejecting connections, otherwise accept_cb() will suspend accepting new connections for 2 seconds.
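The kind of source-address check the reply above suggests making at accept time, as an added example that is not sniproxy code and not part of the original thread: a default-deny allow list of IPv4/IPv6 hosts and CIDR ranges matched against the peer address that accept() fills in. The names `SAMPLE_ACL`, `cidr_contains`, `peer_allowed` and `sample_allows` are hypothetical, the ACL entries are constructed from documentation address ranges, and how the result would be wired into accept_connection() is not shown.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
/* Constructed sample ACL using documentation ranges; not from the thread. */
static const char *const SAMPLE_ACL[] = { "192.0.2.10", "198.51.100.64/26", "2001:db8:1::/48" };

/* 1 if addr is inside "net/len" (bare address = host entry); malformed entries never match. */
static int cidr_contains(const char *cidr, int family, const unsigned char *addr) {
    char buf[INET6_ADDRSTRLEN + 5], *end, *slash;
    unsigned char net[16], mask;
    unsigned long max = (family == AF_INET) ? 32 : 128, bits = max;
    if (strlen(cidr) >= sizeof(buf)) return 0;
    strcpy(buf, cidr);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        bits = strtoul(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || bits > max) return 0;
    }
    if (inet_pton(family, buf, net) != 1) return 0;   /* also rejects family mismatch */
    if (memcmp(addr, net, bits / 8) != 0) return 0;   /* whole bytes of the prefix */
    if (bits % 8 == 0) return 1;
    mask = (unsigned char)(0xff << (8 - bits % 8));   /* remaining high bits */
    return (addr[bits / 8] & mask) == (net[bits / 8] & mask);
}

/* Default-deny check on the peer address filled in by accept(). */
int peer_allowed(const char *const *acl, size_t n, const struct sockaddr *peer) {
    const void *addr;
    if (peer->sa_family == AF_INET)
        addr = &((const struct sockaddr_in *)peer)->sin_addr;
    else if (peer->sa_family == AF_INET6)
        addr = &((const struct sockaddr_in6 *)peer)->sin6_addr;
    else return 0;
    for (size_t i = 0; i < n; i++)
        if (cidr_contains(acl[i], peer->sa_family, addr)) return 1;
    return 0;
}

/* Demo helper: parse a textual peer address and check it against SAMPLE_ACL. */
int sample_allows(const char *ip) {
    struct sockaddr_in v4 = { .sin_family = AF_INET };
    struct sockaddr_in6 v6 = { .sin6_family = AF_INET6 };
    const struct sockaddr *sa = NULL;
    if (inet_pton(AF_INET, ip, &v4.sin_addr) == 1) sa = (const struct sockaddr *)&v4;
    else if (inet_pton(AF_INET6, ip, &v6.sin6_addr) == 1) sa = (const struct sockaddr *)&v6;
    return sa ? peer_allowed(SAMPLE_ACL, sizeof(SAMPLE_ACL) / sizeof(*SAMPLE_ACL), sa) : 0;
}
```

On a dual-stack listening socket, IPv4 clients appear as IPv4-mapped IPv6 addresses (`::ffff:a.b.c.d`), which this check does not match against IPv4 entries, so such peers are denied unless the mapping is handled before the lookup.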
Hi there,
Was wondering if the code is able to accommodate an IP access list in the config file to validate the access for incoming connections to sniproxy?
Thanks!