Advertisement
Guest User

danted for telegram

a guest
Mar 20th, 2018
532
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.08 KB | None | 0 0
  1.  
  2. # $Id: sockd.conf,v 1.43 2005/12/26 16:35:26 michaels Exp $
  3. #
  4. # A sample danted.conf
  5. #
  6. #
  7. # The configfile is divided into three parts;
  8. # 1) serversettings
  9. # 2) rules
  10. # 3) routes
  11. #
  12. # The recommended order is:
  13. # Serversettings:
  14. # logoutput
  15. # internal
  16. # external
  17. # method
  18. # clientmethod
  19. # users
  20. # compatibility
  21. # extension
  22. # connecttimeout
  23. # iotimeout
  24. # srchost
  25. #
  26. # Rules:
  27. # client block/pass
  28. # from to
  29. # libwrap
  30. # log
  31. #
  32. # block/pass
  33. # from to
  34. # method
  35. # command
  36. # libwrap
  37. # log
  38. # protocol
  39. # proxyprotocol
  40. #
  41. # Routes:
  42.  
  43. # the server will log both via syslog, to stdout and to /var/log/lotsoflogs
  44. #logoutput: syslog stdout /var/log/lotsoflogs
  45. #logoutput: syslog /var/log/danted.logs
  46.  
  47. # The server will bind to the address 10.1.1.1, port 1080 and will only
  48. # accept connections going to that address.
  49. #internal: 10.1.1.1 port = 1080
  50. # Alternatively, the interface name can be used instead of the address.
  51. #
  52. #internal: eth0 port = 1080
  53. logoutput: stderr
  54. internal: port=1080
  55. # all outgoing connections from the server will use the IP address
  56. # 195.168.1.1
  57. #i
  58. #external:
  59. #192.168.1.1
  60. external:
  61. # list over acceptable methods, order of preference.
  62. # A method not set here will never be selected.
  63. #
  64. # If the method field is not set in a rule, the global
  65. # method is filled in for that rule.
  66. #socksmethod: username
  67. #
  68. #method: username
  69. # methods for socks-rules.
  70. #method: username none #rfc931
  71.  
  72. # methods for client-rules.
  73. #clientmethod: none
  74.  
  75. #or if you want to allow rfc931 (ident) too
  76. #method: username rfc931 none
  77.  
  78. #or for PAM authentification
  79. #method: pam
  80.  
  81. #
  82. # An important section, pay attention.
  83. #
  84.  
  85. # when doing something that can require privilege, it will use the
  86. # userid:
  87. #user.privileged: root
  88.  
  89. # when running as usual, it will use the unprivileged userid of:
  90. #user.notprivileged: nobody
  91.  
  92. # If you compiled with libwrap support, what userid should it use
  93. # when executing your libwrap commands? "libwrap".
  94. #user.libwrap: nobody
  95.  
  96.  
  97. #
  98. # some options to help clients with compatibility:
  99. #
  100.  
  101. # when a client connection comes in the socksserver will try to use
  102. # the same port as the client is using, when the socksserver
  103. # goes out on the clients behalf (external: IP address).
  104. # If this option is set, Dante will try to do it for reserved ports aswell.
  105. # This will usually require user.privileged to be set to "root".
  106. #compatibility: sameport
  107.  
  108. # If you are using the bind extension and have trouble running servers
  109. # via the server, you might try setting this. The consequences of it
  110. # are unknown.
  111. #compatibility: reuseaddr
  112.  
  113. #
  114. # The Dante server supports some extensions to the socks protocol.
  115. # These require that the socks client implements the same extension and
  116. # can be enabled using the "extension" keyword.
  117. #
  118. # enable the bind extension.
  119. #extension: bind
  120.  
  121.  
  122. #
  123. #
  124. # misc options.
  125. #
  126.  
  127. # how many seconds can pass from when a client connects til it has
  128. # sent us it's request? Adjust according to your network performance
  129. # and methods supported.
  130. #connecttimeout: 30 # on a lan, this should be enough if method is "none".
  131.  
  132. # how many seconds can the client and it's peer idle without sending
  133. # any data before we dump it? Unless you disable tcp keep-alive for
  134. # some reason, it's probably best to set this to 0, which is
  135. # "forever".
  136. #iotimeout: 0 # or perhaps 86400, for a day.
  137.  
  138. # do you want to accept connections from addresses without
  139. # dns info? what about addresses having a mismatch in dnsinfo?
  140. #srchost: nounknown nomismatch
  141.  
  142. #
  143. # The actual rules. There are two kinds and they work at different levels.
  144. #
  145. # The rules prefixed with "client" are checked first and say who is allowed
  146. # and who is not allowed to speak/connect to the server. I.e the
  147. # ip range containing possibly valid clients.
  148. # It is especially important that these only use IP addresses, not hostnames,
  149. # for security reasons.
  150. #
  151. # The rules that do not have a "client" prefix are checked later, when the
  152. # client has sent its request and are used to evaluate the actual
  153. # request.
  154. #
  155. # The "to:" in the "client" context gives the address the connection
  156. # is accepted on, i.e the address the socksserver is listening on, or
  157. # just "0.0.0.0/0" for any address the server is listening on.
  158. #
  159. # The "to:" in the non-"client" context gives the destination of the clients
  160. # socksrequest.
  161. #
  162. # "from:" is the source address in both contexts.
  163. #
  164.  
  165.  
  166. # the "client" rules. All our clients come from the net 10.0.0.0/8.
  167. #
  168.  
  169. # Allow our clients, also provides an example of the port range command.
  170. #client pass {
  171. # from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
  172. # log: error
  173. #method: rfc931 # match all idented users that also are in passwordfile
  174. #}
  175. #socks pass {
  176. # from: 0.0.0.0/0 to: 0.0.0.0/0
  177. # command: connect
  178. # log: error
  179. # method: username
  180. #}
  181. # This is identical to above, but allows clients without a rfc931 (ident)
  182. # too. In practise this means the socksserver will try to get a rfc931
  183. # reply first (the above rule), if that fails, it tries this rule.
  184. #client pass {
  185. # from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
  186. #}
  187. #client pass {
  188. #from: 0.0.0.0/0 to: 0.0.0.0/0
  189. #log: connect disconnect iooperation
  190. #}
  191.  
  192. #pass {
  193. #from: 0.0.0.0/0 to: 0.0.0.0/0
  194. #command: connect udpassociate
  195. #log: connect disconnect iooperation
  196. #}
  197.  
  198. # drop everyone else as soon as we can and log the connect, they are not
  199. # on our net and have no business connecting to us. This is the default
  200. # but if you give the rule yourself, you can specify details.
  201. #client block {
  202. # from: 0.0.0.0/0 to: 0.0.0.0/0
  203. # log: connect error
  204. #}
  205.  
  206.  
  207. # the rules controlling what clients are allowed what requests
  208. #
  209.  
  210. # you probably don't want people connecting to loopback addresses,
  211. # who knows what could happen then.
  212. #block {
  213. # from: 0.0.0.0/0 to: 127.0.0.0/8
  214. # log: connect error
  215. #}
  216.  
  217. # the people at the 172.16.0.0/12 are bad, no one should talk to them.
  218. # log the connect request and also provide an example on how to
  219. # interact with libwrap.
  220. #block {
  221. # from: 0.0.0.0/0 to: 172.16.0.0/12
  222. # libwrap: spawn finger @%a
  223. # log: connect error
  224. #}
  225.  
  226. # unless you need it, you could block any bind requests.
  227. #block {
  228. # from: 0.0.0.0/0 to: 0.0.0.0/0
  229. # command: bind
  230. # log: connect error
  231. #}
  232.  
  233. # or you might want to allow it, for instance "active" ftp uses it.
  234. # Note that a "bindreply" command must also be allowed, it
  235. # should usually by from "0.0.0.0/0", i.e if a client of yours
  236. # has permission to bind, it will also have permission to accept
  237. # the reply from anywhere.
  238. #pass {
  239. # from: 10.0.0.0/8 to: 0.0.0.0/0
  240. # command: bind
  241. # log: connect error
  242. #}
  243.  
  244. # some connections expect some sort of "reply", this might be
  245. # the reply to a bind request or it may be the reply to a
  246. # udppacket, since udp is packetbased.
  247. # Note that nothing is done to verify that it's a "genuine" reply,
  248. # that is in general not possible anyway. The below will allow
  249. # all "replies" in to your clients at the 10.0.0.0/8 net.
  250. #pass {
  251. # from: 0.0.0.0/0 to: 10.0.0.0/8
  252. # command: bindreply udpreply
  253. # log: connect error
  254. #}
  255.  
  256.  
  257. # pass any http connects to the example.com domain if they
  258. # authenticate with username.
  259. # This matches "example.com" itself and everything ending in ".example.com".
  260. #pass {
  261. # from: 10.0.0.0/8 to: .example.com port = http
  262. # log: connect error
  263. # method: username
  264. #}
  265.  
  266.  
  267.  
  268.  
  269. # block any other http connects to the example.com domain.
  270. #block {
  271. # from: 0.0.0.0/0 to: .example.com port = http
  272. # log: connect error
  273. #}
  274.  
  275. # everyone from our internal network, 10.0.0.0/8 is allowed to use
  276. # tcp and udp for everything else.
  277. #pass {
  278. # from: 10.0.0.0/8 to: 0.0.0.0/0
  279. # protocol: tcp udp
  280. #}
  281.  
  282. # last line, block everyone else. This is the default but if you provide
  283. # one yourself you can specify your own logging/actions
  284. #block {
  285. # from: 0.0.0.0/0 to: 0.0.0.0/0
  286. # log: connect error
  287. #}
  288. #client pass { from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0 }
  289. #pass { from: 0.0.0.0/0 to: 0.0.0.0/0 protocol: tcp udp }
  290. # route all http connects via an upstream socks server, aka "server-chaining".
  291. #route {
  292. # from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
  293. #}
  294. clientmethod: none
  295. method: username none
  296.  
  297.  
  298. user.privileged: proxy
  299. user.notprivileged: nobody
  300. user.libwrap: nobody
  301.  
  302. connecttimeout: 60
  303. iotimeout: 3600
  304.  
  305. client pass {
  306. from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
  307. }
  308.  
  309.  
  310. # Block connection to private networks
  311.  
  312. block {
  313. from: 0.0.0.0/0 to: 127.0.0.0/8
  314. log: connect error
  315. protocol: tcp udp
  316. }
  317.  
  318. #block {
  319. # from: 0.0.0.0/0 to: 192.168.0.0/16
  320. # log: connect error
  321. # protocol: tcp udp
  322. #}
  323.  
  324. # Allow connections to Telegram networks
  325. pass {
  326. from: 0.0.0.0/0 to: 91.108.4.0/22
  327. command: bind connect udpassociate
  328. log: error
  329. protocol: tcp udp
  330. }
  331.  
  332. pass {
  333. from: 0.0.0.0/0 to: 91.108.56.0/22
  334. command: bind connect udpassociate
  335. log: error
  336. protocol: tcp udp
  337. }
  338.  
  339. pass {
  340. from: 0.0.0.0/0 to: 109.239.140.0/24
  341. command: bind connect udpassociate
  342. log: error
  343. protocol: tcp udp
  344. }
  345.  
  346. pass {
  347. from: 0.0.0.0/0 to: 149.154.164.0/22
  348. command: bind connect udpassociate
  349. log: error
  350. protocol: tcp udp
  351. }
  352.  
  353. pass {
  354. from: 0.0.0.0/0 to: 149.154.168.0/21
  355. command: bind connect udpassociate
  356. log: error
  357. protocol: tcp udp
  358. }
  359.  
  360. pass {
  361. from: 0.0.0.0/0 to: 149.154.163.0/22
  362. command: bind connect udpassociate
  363. log: error
  364. protocol: tcp udp
  365. }
  366.  
  367. pass {
  368. from: 0.0.0.0/0 to: 184.173.146.95/22
  369. command: bind connect udpassociate
  370. log: error
  371. protocol: tcp udp
  372. }
  373.  
  374. pass {
  375. from: 0.0.0.0/0 to: 184.173.145.235/22
  376. command: bind connect udpassociate
  377. log: error
  378. protocol: tcp udp
  379. }
  380.  
  381. pass {
  382. from: 0.0.0.0/0 to: 50.97.46.113/22
  383. command: bind connect udpassociate
  384. log: error
  385. protocol: tcp udp
  386. }
  387.  
  388. pass {
  389. from: 0.0.0.0/0 to: 75.125.38.3/22
  390. command: bind connect udpassociate
  391. log: error
  392. protocol: tcp udp
  393. }
  394.  
  395. pass {
  396. from: 0.0.0.0/0 to: 50.22.234.250/22
  397. command: bind connect udpassociate
  398. log: error
  399. protocol: tcp udp
  400. }
  401.  
  402. pass {
  403. from: 0.0.0.0/0 to: 50.97.37.240/22
  404. command: bind connect udpassociate
  405. log: error
  406. protocol: tcp udp
  407. }
  408. pass {
  409. from: 0.0.0.0/0 to: 149.154.163.40/22
  410. command: bind connect udpassociate
  411. log: error
  412. protocol: tcp udp
  413. }
  414.  
  415. pass {
  416. from: 0.0.0.0/0 to: 149.154.165.120/22
  417. command: bind connect udpassociate
  418. log: error
  419. protocol: tcp udp
  420. }
  421.  
  422. pass {
  423. from: 0.0.0.0/0 to: 149.154.163.40/22
  424. command: bind connect udpassociate
  425. log: error
  426. protocol: tcp udp
  427. }
  428.  
  429. pass {
  430. from: 0.0.0.0/0 to: 128.72.41.244/22
  431. command: bind connect udpassociate
  432. log: error
  433. protocol: tcp udp
  434. }
  435.  
  436. pass {
  437. from: 0.0.0.0/0 to: 52.90.187.159/22
  438. command: bind connect udpassociate
  439. log: error
  440. protocol: tcp udp
  441. }
  442.  
  443. pass {
  444. from: 0.0.0.0/0 to: 92.255.241.100/22
  445. command: bind connect udpassociate
  446. log: error
  447. protocol: tcp udp
  448. }
  449.  
  450. # Block other connections
  451.  
  452. block {
  453. from: 0.0.0.0/0 to: 0.0.0.0/0
  454. log: connect error
  455. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement