deny localhost and localnet access on server

BlueN 2013-10-10 19:21:48 +08:00
parent 2994e40e31
commit 8ba1b9df64


@ -120,12 +120,19 @@ class Socks5Server(SocketServer.StreamRequestHandler):
# Connection refused # Connection refused
logging.warn(e) logging.warn(e)
return return
addr = remote.getpeername()[0]
if not ALLOW_LOCAL:
for ip in LOCAL_ADDR:
if addr.startswith(ip):
logging.warn('%s is denied.' % addr)
return
self.handle_tcp(sock, remote) self.handle_tcp(sock, remote)
except socket.error, e: except socket.error, e:
logging.warn(e) logging.warn(e)
def main(): def main():
global SERVER, PORT, KEY, METHOD, IPv6 global SERVER, PORT, KEY, METHOD, IPv6, ALLOW_LOCAL, LOCAL_ADDR
logging.basicConfig(level=logging.DEBUG, logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(levelname)-8s %(message)s', format='%(asctime)s %(levelname)-8s %(message)s',
@ -142,9 +149,14 @@ def main():
KEY = None KEY = None
METHOD = None METHOD = None
IPv6 = False IPv6 = False
ALLOW_LOCAL = False
LOCAL_ADDR = ('127.', '10.', '169.254.', '172.16', '172.17', '172.18',
'172.19.', '172.20.', '172.21.', '172.22.', '172.23.',
'172.24.', '172.25.', '172.26.', '172.27.', '172.28.',
'172.29.', '172.30.', '172.31.', '192.168.', '::1')
config_path = utils.find_config() config_path = utils.find_config()
optlist, args = getopt.getopt(sys.argv[1:], 's:p:k:m:c:6') optlist, args = getopt.getopt(sys.argv[1:], 's:p:k:m:c:6:l')
for key, value in optlist: for key, value in optlist:
if key == '-c': if key == '-c':
config_path = value config_path = value
@ -154,7 +166,7 @@ def main():
config = json.load(f) config = json.load(f)
logging.info('loading config from %s' % config_path) logging.info('loading config from %s' % config_path)
optlist, args = getopt.getopt(sys.argv[1:], 's:p:k:m:c:6') optlist, args = getopt.getopt(sys.argv[1:], 's:p:k:m:c:6:l')
for key, value in optlist: for key, value in optlist:
if key == '-p': if key == '-p':
config['server_port'] = int(value) config['server_port'] = int(value)
@ -166,11 +178,16 @@ def main():
config['method'] = value config['method'] = value
elif key == '-6': elif key == '-6':
IPv6 = True IPv6 = True
elif key == '-l':
ALLOW_LOCAL = True
SERVER = config['server'] SERVER = config['server']
PORT = config['server_port'] PORT = config['server_port']
KEY = config['password'] KEY = config['password']
METHOD = config.get('method', None) METHOD = config.get('method', None)
if 'allow_local' in config:
if config['allow_config']:
ALLOW_LOCAL = True
if not KEY and not config_path: if not KEY and not config_path:
sys.exit('config not specified, please read https://github.com/clowwindy/shadowsocks') sys.exit('config not specified, please read https://github.com/clowwindy/shadowsocks')
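Review bot: The new `LOCAL_ADDR` tuple in main() is matched with `addr.startswith(ip)`, and the entries `'172.16', '172.17', '172.18'` lack the trailing dot, so public addresses such as 172.160.x.x to 172.189.x.x are denied too; they should read `'172.16.', '172.17.', '172.18.'`. The list also omits ranges an operator would normally want refused (for example `0.`, IPv6 link-local and unique-local addresses, and IPv4-mapped forms such as `::ffff:127.`). Because the handler takes the address from `remote.getpeername()`, the connection to the internal host appears to be opened already (the connect call is outside the hunk) before it is refused, so checking the resolved address before connecting would be the stronger control. Separately, `config['allow_config']` under `if 'allow_local' in config:` reads a different key from the one it tests and will raise KeyError whenever `allow_local` is set; it presumably should be `config['allow_local']`. The option string `'s:p:k:m:c:6:l'` also makes `-6` consume an argument, so `-6 -l` would swallow `-l`; `'s:p:k:m:c:6l'` keeps both as flags.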