
danted for telegram

a guest Mar 20th, 2018 187 Never
 
  1.  
  2. # $Id: sockd.conf,v 1.43 2005/12/26 16:35:26 michaels Exp $
  3. #
  4. # A sample danted.conf
  5. #
  6. #
  7. # The configfile is divided into three parts;
  8. #    1) serversettings
  9. #    2) rules
  10. #    3) routes
  11. #
  12. # The recommended order is:
  13. #   Serversettings:
  14. #               logoutput
  15. #               internal
  16. #               external
  17. #               method
  18. #               clientmethod
  19. #               users
  20. #               compatibility
  21. #               extension
  22. #               connecttimeout
  23. #               iotimeout
  24. #       srchost
  25. #
  26. #  Rules:
  27. #   client block/pass
  28. #       from to
  29. #       libwrap
  30. #       log
  31. #
  32. #     block/pass
  33. #       from to
  34. #       method
  35. #       command
  36. #       libwrap
  37. #       log
  38. #       protocol
  39. #       proxyprotocol
  40. #
  41. #  Routes:
  42.  
  43. # the server will log both via syslog, to stdout and to /var/log/lotsoflogs
  44. #logoutput: syslog stdout /var/log/lotsoflogs
  45. #logoutput: syslog /var/log/danted.logs
  46.  
  47. # The server will bind to the address 10.1.1.1, port 1080 and will only
  48. # accept connections going to that address.
  49. #internal: 10.1.1.1 port = 1080
  50. # Alternatively, the interface name can be used instead of the address.
  51. #
  52. #internal: eth0  port = 1080
  53. logoutput: stderr
  54. internal:  port=1080
  55. # all outgoing connections from the server will use the IP address
  56. # 195.168.1.1
  57. #i
  58. #external:
  59. #192.168.1.1
  60. external:
  61. # list over acceptable methods, order of preference.
  62. # A method not set here will never be selected.
  63. #
  64. # If the method field is not set in a rule, the global
  65. # method is filled in for that rule.
  66. #socksmethod: username
  67. #
  68. #method: username
  69. # methods for socks-rules.
  70. #method: username none #rfc931
  71.  
  72. # methods for client-rules.
  73. #clientmethod: none
  74.  
  75. #or if you want to allow rfc931 (ident) too
  76. #method: username rfc931 none
  77.  
  78. #or for PAM authentication
  79. #method: pam
  80.  
  81. #
  82. # An important section, pay attention.
  83. #
  84.  
  85. # when doing something that can require privilege, it will use the
  86. # userid:
  87. #user.privileged: root
  88.  
  89. # when running as usual, it will use the unprivileged userid of:
  90. #user.notprivileged: nobody
  91.  
  92. # If you compiled with libwrap support, what userid should it use
  93. # when executing your libwrap commands?  "libwrap".
  94. #user.libwrap: nobody
  95.  
  96.  
  97. #
  98. # some options to help clients with compatibility:
  99. #
  100.  
  101. # when a client connection comes in the socksserver will try to use
  102. # the same port as the client is using, when the socksserver
  103. # goes out on the clients behalf (external: IP address).
  104. # If this option is set, Dante will try to do it for reserved ports as well.
  105. # This will usually require user.privileged to be set to "root".
  106. #compatibility: sameport
  107.  
  108. # If you are using the bind extension and have trouble running servers
  109. # via the server, you might try setting this.  The consequences of it
  110. # are unknown.
  111. #compatibility: reuseaddr
  112.  
  113. #
  114. # The Dante server supports some extensions to the socks protocol.
  115. # These require that the socks client implements the same extension and
  116. # can be enabled using the "extension" keyword.
  117. #
  118. # enable the bind extension.
  119. #extension: bind
  120.  
  121.  
  122. #
  123. #
  124. # misc options.
  125. #
  126.  
  127. # how many seconds can pass from when a client connects til it has
  128. # sent us its request?  Adjust according to your network performance
  129. # and methods supported.
  130. #connecttimeout: 30   # on a lan, this should be enough if method is "none".
  131.  
  132. # how many seconds can the client and its peer idle without sending
  133. # any data before we dump it?  Unless you disable tcp keep-alive for
  134. # some reason, it's probably best to set this to 0, which is
  135. # "forever".
  136. #iotimeout: 0 # or perhaps 86400, for a day.
  137.  
  138. # do you want to accept connections from addresses without
  139. # dns info?  what about addresses having a mismatch in dnsinfo?
  140. #srchost: nounknown nomismatch
  141.  
  142. #
  143. # The actual rules.  There are two kinds and they work at different levels.
  144. #
  145. # The rules prefixed with "client" are checked first and say who is allowed
  146. # and who is not allowed to speak/connect to the server.  I.e the
  147. # ip range containing possibly valid clients.
  148. # It is especially important that these only use IP addresses, not hostnames,
  149. # for security reasons.
  150. #
  151. # The rules that do not have a "client" prefix are checked later, when the
  152. # client has sent its request and are used to evaluate the actual
  153. # request.
  154. #
  155. # The "to:" in the "client" context gives the address the connection
  156. # is accepted on, i.e the address the socksserver is listening on, or
  157. # just "0.0.0.0/0" for any address the server is listening on.
  158. #
  159. # The "to:" in the non-"client" context gives the destination of the clients
  160. # socksrequest.
  161. #
  162. # "from:" is the source address in both contexts.
  163. #
  164.  
  165.  
  166. # the "client" rules.  All our clients come from the net 10.0.0.0/8.
  167. #
  168.  
  169. # Allow our clients, also provides an example of the port range command.
  170. #client pass {
  171. #   from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
  172. #   log: error 
  173. #method: rfc931 # match all idented users that also are in passwordfile
  174. #}
  175. #socks pass {
  176. #    from: 0.0.0.0/0 to: 0.0.0.0/0
  177. #    command: connect
  178. #    log: error
  179.  #   method: username
  180. #}
  181. # This is identical to above, but allows clients without a rfc931 (ident)
  182. # too.  In practise this means the socksserver will try to get a rfc931
  183. # reply first (the above rule), if that fails, it tries this rule.
  184. #client pass {
  185. #   from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
  186. #}
  187. #client pass {
  188. #from: 0.0.0.0/0 to: 0.0.0.0/0
  189. #log: connect disconnect iooperation
  190. #}
  191.  
  192. #pass {
  193. #from: 0.0.0.0/0 to: 0.0.0.0/0
  194. #command: connect udpassociate
  195. #log: connect disconnect iooperation
  196. #}
  197.  
  198. # drop everyone else as soon as we can and log the connect, they are not
  199. # on our net and have no business connecting to us.  This is the default
  200. # but if you give the rule yourself, you can specify details.
  201. #client block {
  202. #   from: 0.0.0.0/0 to: 0.0.0.0/0
  203. #   log: connect error
  204. #}
  205.  
  206.  
  207. # the rules controlling what clients are allowed what requests
  208. #
  209.  
  210. # you probably don't want people connecting to loopback addresses,
  211. # who knows what could happen then.
  212. #block {
  213. #   from: 0.0.0.0/0 to: 127.0.0.0/8
  214. #   log: connect error
  215. #}
  216.  
  217. # the people at the 172.16.0.0/12 are bad, no one should talk to them.
  218. # log the connect request and also provide an example on how to
  219. # interact with libwrap.
  220. #block {
  221. #   from: 0.0.0.0/0 to: 172.16.0.0/12
  222. #   libwrap: spawn finger @%a
  223. #   log: connect error
  224. #}
  225.  
  226. # unless you need it, you could block any bind requests.
  227. #block {
  228. #   from: 0.0.0.0/0 to: 0.0.0.0/0
  229. #   command: bind
  230. #   log: connect error
  231. #}
  232.  
  233. # or you might want to allow it, for instance "active" ftp uses it.
  234. # Note that a "bindreply" command must also be allowed, it
  235. # should usually be from "0.0.0.0/0", i.e if a client of yours
  236. # has permission to bind, it will also have permission to accept
  237. # the reply from anywhere.
  238. #pass {
  239. #   from: 10.0.0.0/8 to: 0.0.0.0/0
  240. #   command: bind
  241. #   log: connect error
  242. #}
  243.  
  244. # some connections expect some sort of "reply", this might be
  245. # the reply to a bind request or it may be the reply to a
  246. # udppacket, since udp is packetbased.
  247. # Note that nothing is done to verify that it's a "genuine" reply,
  248. # that is in general not possible anyway.  The below will allow
  249. # all "replies" in to your clients at the 10.0.0.0/8 net.
  250. #pass {
  251. #   from: 0.0.0.0/0 to: 10.0.0.0/8
  252. #   command: bindreply udpreply
  253. #   log: connect error
  254. #}
  255.  
  256.  
  257. # pass any http connects to the example.com domain if they
  258. # authenticate with username.
  259. # This matches "example.com" itself and everything ending in ".example.com".
  260. #pass {
  261. #   from: 10.0.0.0/8 to: .example.com port = http
  262. #   log: connect error
  263. #   method: username
  264. #}
  265.  
  266.  
  267.  
  268.  
  269. # block any other http connects to the example.com domain.
  270. #block {
  271. #   from: 0.0.0.0/0 to: .example.com port = http
  272. #   log: connect error
  273. #}
  274.  
  275. # everyone from our internal network, 10.0.0.0/8 is allowed to use
  276. # tcp and udp for everything else.
  277. #pass {
  278. #   from: 10.0.0.0/8 to: 0.0.0.0/0
  279. #   protocol: tcp udp
  280. #}
  281.  
  282. # last line, block everyone else.  This is the default but if you provide
  283. # one  yourself you can specify your own logging/actions
  284. #block {
  285. #   from: 0.0.0.0/0 to: 0.0.0.0/0
  286. #   log: connect error
  287. #}
  288. #client pass { from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0 }
  289. #pass { from: 0.0.0.0/0 to: 0.0.0.0/0 protocol: tcp udp }
  290. # route all http connects via an upstream socks server, aka "server-chaining".
  291. #route {
  292. # from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
  293. #}
  294. clientmethod: none
  295. method: username none
  296.  
  297.  
  298. user.privileged: proxy
  299. user.notprivileged: nobody
  300. user.libwrap: nobody
  301.  
  302. connecttimeout: 60
  303. iotimeout: 3600
  304.  
  305. client pass {
  306.   from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
  307. }
  308.  
  309.  
  310. # Block connection to private networks
  311.  
  312. block {
  313.   from: 0.0.0.0/0 to: 127.0.0.0/8
  314.   log: connect error
  315.   protocol: tcp udp
  316. }
  317.  
  318. #block {
  319. #  from: 0.0.0.0/0 to: 192.168.0.0/16
  320. #  log: connect error
  321. #  protocol: tcp udp
  322. #}
  323.  
  324. # Allow connections to Telegram networks
  325. pass {
  326.   from: 0.0.0.0/0 to: 91.108.4.0/22
  327.   command: bind connect udpassociate
  328.   log: error
  329.   protocol: tcp udp
  330. }
  331.  
  332. pass {
  333.   from: 0.0.0.0/0 to: 91.108.56.0/22
  334.   command: bind connect udpassociate
  335.   log: error
  336.   protocol: tcp udp
  337. }
  338.  
  339. pass {
  340.   from: 0.0.0.0/0 to: 109.239.140.0/24
  341.   command: bind connect udpassociate
  342.   log: error
  343.   protocol: tcp udp
  344. }
  345.  
  346. pass {
  347.   from: 0.0.0.0/0 to: 149.154.164.0/22
  348.   command: bind connect udpassociate
  349.   log: error
  350.   protocol: tcp udp
  351. }
  352.  
  353. pass {
  354.   from: 0.0.0.0/0 to: 149.154.168.0/21
  355.   command: bind connect udpassociate
  356.   log: error
  357.   protocol: tcp udp
  358. }
  359.  
  360. pass {
  361.   from: 0.0.0.0/0 to: 149.154.163.0/22
  362.   command: bind connect udpassociate
  363.   log: error
  364.   protocol: tcp udp
  365. }
  366.  
  367. pass {
  368.   from: 0.0.0.0/0 to: 184.173.146.95/22
  369.   command: bind connect udpassociate
  370.   log: error
  371.   protocol: tcp udp
  372. }
  373.  
  374. pass {
  375.   from: 0.0.0.0/0 to: 184.173.145.235/22
  376.   command: bind connect udpassociate
  377.   log: error
  378.   protocol: tcp udp
  379. }
  380.  
  381. pass {
  382.   from: 0.0.0.0/0 to: 50.97.46.113/22
  383.   command: bind connect udpassociate
  384.   log: error
  385.   protocol: tcp udp
  386. }
  387.  
  388. pass {
  389.   from: 0.0.0.0/0 to: 75.125.38.3/22
  390.   command: bind connect udpassociate
  391.   log: error
  392.   protocol: tcp udp
  393. }
  394.  
  395. pass {
  396.   from: 0.0.0.0/0 to: 50.22.234.250/22
  397.   command: bind connect udpassociate
  398.   log: error
  399.   protocol: tcp udp
  400. }
  401.  
  402. pass {
  403.   from: 0.0.0.0/0 to: 50.97.37.240/22
  404.   command: bind connect udpassociate
  405.   log: error
  406.   protocol: tcp udp
  407. }
  408. pass {
  409.   from: 0.0.0.0/0 to: 149.154.163.40/22
  410.   command: bind connect udpassociate
  411.   log: error
  412.   protocol: tcp udp
  413. }
  414.  
  415. pass {
  416.   from: 0.0.0.0/0 to: 149.154.165.120/22
  417.   command: bind connect udpassociate
  418.   log: error
  419.   protocol: tcp udp
  420. }
  421.  
  422. pass {
  423.   from: 0.0.0.0/0 to: 149.154.163.40/22
  424.   command: bind connect udpassociate
  425.   log: error
  426.   protocol: tcp udp
  427. }
  428.  
  429. pass {
  430.   from: 0.0.0.0/0 to: 128.72.41.244/22
  431.   command: bind connect udpassociate
  432.   log: error
  433.   protocol: tcp udp
  434. }
  435.  
  436. pass {
  437.   from: 0.0.0.0/0 to: 52.90.187.159/22
  438.   command: bind connect udpassociate
  439.   log: error
  440.   protocol: tcp udp
  441. }
  442.  
  443. pass {
  444.   from: 0.0.0.0/0 to: 92.255.241.100/22
  445.   command: bind connect udpassociate
  446.   log: error
  447.   protocol: tcp udp
  448. }
  449.  
  450. # Block other connections
  451.  
  452. block {
  453.   from: 0.0.0.0/0 to: 0.0.0.0/0
  454.   log: connect error
  455. }