
danted for telegram

a guest
Mar 20th, 2018
  1.  
  2. # $Id: sockd.conf,v 1.43 2005/12/26 16:35:26 michaels Exp $
  3. #
  4. # A sample danted.conf
  5. #
  6. #
  7. # The configfile is divided into three parts;
  8. # 1) serversettings
  9. # 2) rules
  10. # 3) routes
  11. #
  12. # The recommended order is:
  13. # Serversettings:
  14. # logoutput
  15. # internal
  16. # external
  17. # method
  18. # clientmethod
  19. # users
  20. # compatibility
  21. # extension
  22. # connecttimeout
  23. # iotimeout
  24. # srchost
  25. #
  26. # Rules:
  27. # client block/pass
  28. # from to
  29. # libwrap
  30. # log
  31. #
  32. # block/pass
  33. # from to
  34. # method
  35. # command
  36. # libwrap
  37. # log
  38. # protocol
  39. # proxyprotocol
  40. #
  41. # Routes:
  42.  
  43. # the server will log both via syslog, to stdout and to /var/log/lotsoflogs
  44. #logoutput: syslog stdout /var/log/lotsoflogs
  45. #logoutput: syslog /var/log/danted.logs
  46.  
  47. # The server will bind to the address 10.1.1.1, port 1080 and will only
  48. # accept connections going to that address.
  49. #internal: 10.1.1.1 port = 1080
  50. # Alternatively, the interface name can be used instead of the address.
  51. #
  52. #internal: eth0 port = 1080
  # Active server settings: where to log, which address to listen on, and which
  # address outgoing connections use.
  # NOTE(review): with only stderr as the log target, whether anything is kept
  # depends on how the daemon is started. The samples above show syslog or a file.
  53. logoutput: stderr
  # NOTE(review): no address or interface is given here, unlike the samples above
  # ("internal: 10.1.1.1 port = 1080", "internal: eth0 port = 1080"). It looks as if
  # it was removed before posting. Name the one interface that should accept
  # clients rather than listening on every address.
  54. internal: port=1080
  55. # all outgoing connections from the server will use the IP address
  56. # 195.168.1.1
  57. #i
  58. #external:
  59. #192.168.1.1
  # NOTE(review): "external:" has no value, so the outgoing address or interface
  # must be filled in before this file is usable.
  60. external:
  61. # list over acceptable methods, order of preference.
  62. # A method not set here will never be selected.
  63. #
  64. # If the method field is not set in a rule, the global
  65. # method is filled in for that rule.
  66. #socksmethod: username
  67. #
  68. #method: username
  69. # methods for socks-rules.
  70. #method: username none #rfc931
  71.  
  72. # methods for client-rules.
  73. #clientmethod: none
  74.  
  75. #or if you want to allow rfc931 (ident) too
  76. #method: username rfc931 none
  77.  
  78. #or for PAM authentication
  79. #method: pam
  80.  
  81. #
  82. # An important section, pay attention.
  83. #
  84.  
  85. # when doing something that can require privilege, it will use the
  86. # userid:
  87. #user.privileged: root
  88.  
  89. # when running as usual, it will use the unprivileged userid of:
  90. #user.notprivileged: nobody
  91.  
  92. # If you compiled with libwrap support, what userid should it use
  93. # when executing your libwrap commands? "libwrap".
  94. #user.libwrap: nobody
  95.  
  96.  
  97. #
  98. # some options to help clients with compatibility:
  99. #
  100.  
  101. # when a client connection comes in the socksserver will try to use
  102. # the same port as the client is using, when the socksserver
  103. # goes out on the client's behalf (external: IP address).
  104. # If this option is set, Dante will try to do it for reserved ports as well.
  105. # This will usually require user.privileged to be set to "root".
  106. #compatibility: sameport
  107.  
  108. # If you are using the bind extension and have trouble running servers
  109. # via the server, you might try setting this. The consequences of it
  110. # are unknown.
  111. #compatibility: reuseaddr
  112.  
  113. #
  114. # The Dante server supports some extensions to the socks protocol.
  115. # These require that the socks client implements the same extension and
  116. # can be enabled using the "extension" keyword.
  117. #
  118. # enable the bind extension.
  119. #extension: bind
  120.  
  121.  
  122. #
  123. #
  124. # misc options.
  125. #
  126.  
  127. # how many seconds can pass from when a client connects until it has
  128. # sent us its request? Adjust according to your network performance
  129. # and methods supported.
  130. #connecttimeout: 30 # on a lan, this should be enough if method is "none".
  131.  
  132. # how many seconds can the client and its peer idle without sending
  133. # any data before we dump it? Unless you disable tcp keep-alive for
  134. # some reason, it's probably best to set this to 0, which is
  135. # "forever".
  136. #iotimeout: 0 # or perhaps 86400, for a day.
  137.  
  138. # do you want to accept connections from addresses without
  139. # dns info? what about addresses having a mismatch in dnsinfo?
  140. #srchost: nounknown nomismatch
  141.  
  142. #
  143. # The actual rules. There are two kinds and they work at different levels.
  144. #
  145. # The rules prefixed with "client" are checked first and say who is allowed
  146. # and who is not allowed to speak/connect to the server. I.e the
  147. # ip range containing possibly valid clients.
  148. # It is especially important that these only use IP addresses, not hostnames,
  149. # for security reasons: a hostname match relies on DNS data the connecting side may control.
  150. #
  151. # The rules that do not have a "client" prefix are checked later, when the
  152. # client has sent its request and are used to evaluate the actual
  153. # request.
  154. #
  155. # The "to:" in the "client" context gives the address the connection
  156. # is accepted on, i.e the address the socksserver is listening on, or
  157. # just "0.0.0.0/0" for any address the server is listening on.
  158. #
  159. # The "to:" in the non-"client" context gives the destination of the clients
  160. # socksrequest.
  161. #
  162. # "from:" is the source address in both contexts.
  163. #
  164.  
  165.  
  166. # the "client" rules. All our clients come from the net 10.0.0.0/8.
  167. #
  168.  
  169. # Allow our clients, also provides an example of the port range command.
  170. #client pass {
  171. # from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
  172. # log: error
  173. #method: rfc931 # match all idented users that also are in passwordfile
  174. #}
  175. #socks pass {
  176. # from: 0.0.0.0/0 to: 0.0.0.0/0
  177. # command: connect
  178. # log: error
  179. # method: username
  180. #}
  181. # This is identical to above, but allows clients without a rfc931 (ident)
  182. # too. In practise this means the socksserver will try to get a rfc931
  183. # reply first (the above rule), if that fails, it tries this rule.
  184. #client pass {
  185. # from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
  186. #}
  187. #client pass {
  188. #from: 0.0.0.0/0 to: 0.0.0.0/0
  189. #log: connect disconnect iooperation
  190. #}
  191.  
  192. #pass {
  193. #from: 0.0.0.0/0 to: 0.0.0.0/0
  194. #command: connect udpassociate
  195. #log: connect disconnect iooperation
  196. #}
  197.  
  198. # drop everyone else as soon as we can and log the connect, they are not
  199. # on our net and have no business connecting to us. This is the default
  200. # but if you give the rule yourself, you can specify details.
  201. #client block {
  202. # from: 0.0.0.0/0 to: 0.0.0.0/0
  203. # log: connect error
  204. #}
  205.  
  206.  
  207. # the rules controlling what clients are allowed what requests
  208. #
  209.  
  210. # you probably don't want people connecting to loopback addresses,
  211. # who knows what could happen then.
  212. #block {
  213. # from: 0.0.0.0/0 to: 127.0.0.0/8
  214. # log: connect error
  215. #}
  216.  
  217. # the people at the 172.16.0.0/12 are bad, no one should talk to them.
  218. # log the connect request and also provide an example on how to
  219. # interact with libwrap.
  220. #block {
  221. # from: 0.0.0.0/0 to: 172.16.0.0/12
  222. # libwrap: spawn finger @%a
  223. # log: connect error
  224. #}
  225.  
  226. # unless you need it, you could block any bind requests.
  227. #block {
  228. # from: 0.0.0.0/0 to: 0.0.0.0/0
  229. # command: bind
  230. # log: connect error
  231. #}
  232.  
  233. # or you might want to allow it, for instance "active" ftp uses it.
  234. # Note that a "bindreply" command must also be allowed, it
  235. # should usually be from "0.0.0.0/0", i.e. if a client of yours
  236. # has permission to bind, it will also have permission to accept
  237. # the reply from anywhere.
  238. #pass {
  239. # from: 10.0.0.0/8 to: 0.0.0.0/0
  240. # command: bind
  241. # log: connect error
  242. #}
  243.  
  244. # some connections expect some sort of "reply", this might be
  245. # the reply to a bind request or it may be the reply to a
  246. # udppacket, since udp is packetbased.
  247. # Note that nothing is done to verify that it's a "genuine" reply,
  248. # that is in general not possible anyway. The below will allow
  249. # all "replies" in to your clients at the 10.0.0.0/8 net.
  250. #pass {
  251. # from: 0.0.0.0/0 to: 10.0.0.0/8
  252. # command: bindreply udpreply
  253. # log: connect error
  254. #}
  255.  
  256.  
  257. # pass any http connects to the example.com domain if they
  258. # authenticate with username.
  259. # This matches "example.com" itself and everything ending in ".example.com".
  260. #pass {
  261. # from: 10.0.0.0/8 to: .example.com port = http
  262. # log: connect error
  263. # method: username
  264. #}
  265.  
  266.  
  267.  
  268.  
  269. # block any other http connects to the example.com domain.
  270. #block {
  271. # from: 0.0.0.0/0 to: .example.com port = http
  272. # log: connect error
  273. #}
  274.  
  275. # everyone from our internal network, 10.0.0.0/8 is allowed to use
  276. # tcp and udp for everything else.
  277. #pass {
  278. # from: 10.0.0.0/8 to: 0.0.0.0/0
  279. # protocol: tcp udp
  280. #}
  281.  
  282. # last line, block everyone else. This is the default but if you provide
  283. # one yourself you can specify your own logging/actions
  284. #block {
  285. # from: 0.0.0.0/0 to: 0.0.0.0/0
  286. # log: connect error
  287. #}
  288. #client pass { from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0 }
  289. #pass { from: 0.0.0.0/0 to: 0.0.0.0/0 protocol: tcp udp }
  290. # route all http connects via an upstream socks server, aka "server-chaining".
  291. #route {
  292. # from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
  293. #}
  # Global authentication methods, the accounts the daemon runs as, and timeouts.
  # clientmethod applies to the client rules, so no authentication is required
  # at connection-accept time.
  294. clientmethod: none
  # NOTE(review): per the sample text above, this list is the set of acceptable
  # methods in order of preference, and a rule without its own "method" inherits
  # it. Because "none" is listed and no pass rule below sets "method", a client
  # that offers only "none" is presumably accepted without credentials.
  # Together with "client pass" from 0.0.0.0/0, anyone who can reach the listening
  # port can relay to every destination the pass rules allow. To require a login,
  # list only "username" (or "pam").
  # Also note that SOCKS5 username/password authentication (RFC 1929) sends the
  # credentials unencrypted, so do not reuse system passwords that matter.
  295. method: username none
  296.  
  297.  
  # Per the sample text above, user.privileged is used for operations that may
  # need privilege and user.notprivileged for normal operation. Neither is root.
  298. user.privileged: proxy
  299. user.notprivileged: nobody
  300. user.libwrap: nobody
  301.  
  # Seconds a client gets between connecting and sending its request.
  302. connecttimeout: 60
  # Seconds a session may sit idle before it is dropped (0 would mean forever).
  303. iotimeout: 3600
  304.  
  # Client rule: decides who may connect to the server at all.
  # NOTE(review): this accepts any source address and source port, and has no
  # "log" line, so accepted connections leave no record at this level. If the
  # users are known, restrict "from:" to their networks.
  305. client pass {
  306. from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
  307. }
  308.  
  309.  
  310. # Block connection to private networks
  # NOTE(review): despite the heading, only loopback is blocked explicitly. The
  # 192.168.0.0/16 rule is commented out, and 10.0.0.0/8 and 172.16.0.0/12 do not
  # appear. Those ranges are refused only by the final catch-all block, which
  # holds only while no pass rule covers them. Explicit blocks placed before the
  # pass rules would survive someone later adding a broader pass rule.
  311.  
  312. block {
  313. from: 0.0.0.0/0 to: 127.0.0.0/8
  314. log: connect error
  315. protocol: tcp udp
  316. }
  317.  
  318. #block {
  319. # from: 0.0.0.0/0 to: 192.168.0.0/16
  320. # log: connect error
  321. # protocol: tcp udp
  322. #}
  323.  
  # Destination allow-list: each rule lets any client reach one network over
  # tcp/udp with the bind, connect and udpassociate commands.
  # NOTE(review), applies to every pass rule in this file:
  #  - No rule sets "method", so the global "method: username none" applies
  #    (see the sample text: the global method is filled in for such rules).
  #  - "log: error" records failures only. Adding connect and disconnect gives an
  #    audit trail of who used the relay, which matters when the listener is
  #    reachable from 0.0.0.0/0.
  #  - "bind" is allowed although the sample text suggests blocking it unless
  #    needed. No rule passes "bindreply" or "udpreply", so replies presumably
  #    hit the final block. Confirm whether bind/udpassociate are wanted.
  324. # Allow connections to Telegram networks
  325. pass {
  326. from: 0.0.0.0/0 to: 91.108.4.0/22
  327. command: bind connect udpassociate
  328. log: error
  329. protocol: tcp udp
  330. }
  331.  
  332. pass {
  333. from: 0.0.0.0/0 to: 91.108.56.0/22
  334. command: bind connect udpassociate
  335. log: error
  336. protocol: tcp udp
  337. }
  338.  
  339. pass {
  340. from: 0.0.0.0/0 to: 109.239.140.0/24
  341. command: bind connect udpassociate
  342. log: error
  343. protocol: tcp udp
  344. }
  345.  
  346. pass {
  347. from: 0.0.0.0/0 to: 149.154.164.0/22
  348. command: bind connect udpassociate
  349. log: error
  350. protocol: tcp udp
  351. }
  352.  
  353. pass {
  354. from: 0.0.0.0/0 to: 149.154.168.0/21
  355. command: bind connect udpassociate
  356. log: error
  357. protocol: tcp udp
  358. }
  359.  
  # NOTE(review): 149.154.163.0 is not on a /22 boundary. If the server applies
  # the mask, this rule covers 149.154.160.0-149.154.163.255. Confirm the intended
  # range and write it as an aligned network.
  360. pass {
  361. from: 0.0.0.0/0 to: 149.154.163.0/22
  362. command: bind connect udpassociate
  363. log: error
  364. protocol: tcp udp
  365. }
  366.  
  # More destination pass rules, same shape as those above: any client, tcp/udp,
  # bind/connect/udpassociate, errors logged only.
  # NOTE(review): every "to:" below is a single host address written with a /22
  # mask. If the server applies the mask to the rule address, each rule admits the
  # whole enclosing /22 (1024 addresses), not one host. Nothing in this file shows
  # that those surrounding addresses belong to the intended service. If single
  # hosts were meant, use /32. Otherwise write the aligned network and verify
  # who owns it.
  # NOTE(review): several rules are redundant under a /22 mask. 149.154.163.40/22
  # appears twice, 184.173.146.95 and 184.173.145.235 share one /22, and
  # 149.154.165.120/22 falls inside the 149.154.164.0/22 rule earlier in the file.
  367. pass {
  368. from: 0.0.0.0/0 to: 184.173.146.95/22
  369. command: bind connect udpassociate
  370. log: error
  371. protocol: tcp udp
  372. }
  373.  
  374. pass {
  375. from: 0.0.0.0/0 to: 184.173.145.235/22
  376. command: bind connect udpassociate
  377. log: error
  378. protocol: tcp udp
  379. }
  380.  
  381. pass {
  382. from: 0.0.0.0/0 to: 50.97.46.113/22
  383. command: bind connect udpassociate
  384. log: error
  385. protocol: tcp udp
  386. }
  387.  
  388. pass {
  389. from: 0.0.0.0/0 to: 75.125.38.3/22
  390. command: bind connect udpassociate
  391. log: error
  392. protocol: tcp udp
  393. }
  394.  
  395. pass {
  396. from: 0.0.0.0/0 to: 50.22.234.250/22
  397. command: bind connect udpassociate
  398. log: error
  399. protocol: tcp udp
  400. }
  401.  
  402. pass {
  403. from: 0.0.0.0/0 to: 50.97.37.240/22
  404. command: bind connect udpassociate
  405. log: error
  406. protocol: tcp udp
  407. }
  408. pass {
  409. from: 0.0.0.0/0 to: 149.154.163.40/22
  410. command: bind connect udpassociate
  411. log: error
  412. protocol: tcp udp
  413. }
  414.  
  415. pass {
  416. from: 0.0.0.0/0 to: 149.154.165.120/22
  417. command: bind connect udpassociate
  418. log: error
  419. protocol: tcp udp
  420. }
  421.  
  # Exact repeat of the 149.154.163.40/22 rule two rules above.
  422. pass {
  423. from: 0.0.0.0/0 to: 149.154.163.40/22
  424. command: bind connect udpassociate
  425. log: error
  426. protocol: tcp udp
  427. }
  428.  
  429. pass {
  430. from: 0.0.0.0/0 to: 128.72.41.244/22
  431. command: bind connect udpassociate
  432. log: error
  433. protocol: tcp udp
  434. }
  435.  
  436. pass {
  437. from: 0.0.0.0/0 to: 52.90.187.159/22
  438. command: bind connect udpassociate
  439. log: error
  440. protocol: tcp udp
  441. }
  442.  
  443. pass {
  444. from: 0.0.0.0/0 to: 92.255.241.100/22
  445. command: bind connect udpassociate
  446. log: error
  447. protocol: tcp udp
  448. }
  449.  
  # Catch-all: refuses every request that no earlier rule passed, and logs the
  # attempt. The sample text above says blocking is the default anyway. Writing
  # the rule out is what allows the "log: connect error" line to be attached.
  # Keep this as the last rule, since everything this file allows depends on the
  # pass rules above being the only exceptions.
  450. # Block other connections
  451.  
  452. block {
  453. from: 0.0.0.0/0 to: 0.0.0.0/0
  454. log: connect error
  455. }