decrypting SOCKS proxy

sockhole: Listen on the network by default, limit connections from LAN

+27 -1
sockhole.rb
··· 31 31 995, # pop3s 32 32 ] 33 33 34 + # by default, listen on the first non-loopback IPv4 address we can find or 35 + # fallback to 127.0.0.1 34 36 LISTEN_PORT = 1080 35 - LISTEN_IP = "0.0.0.0" 37 + LISTEN_IP = (Socket.ip_address_list.select{|a| a.ipv4? && !a.ipv4_loopback? } 38 + .map{|i| i.ip_unpack[0] }.first || "127.0.0.1") 39 + 40 + # and limit connections from IPs on our local /24 network 41 + ALLOWED_IPS = [ 42 + "127.0.0.1/32", 43 + "#{LISTEN_IP}/24", 44 + ] 36 45 37 46 LOGGER = Logger.new(STDOUT) 38 47 if ARGV[0] == "-d" ··· 162 171 def initialize 163 172 @state = :INIT 164 173 port, @ip = Socket.unpack_sockaddr_in(get_peername) 174 + 175 + if !allow_connection? 176 + # TODO: does eventmachine have a way to prevent the connection from even 177 + # happening in the first place? 178 + log :warn, "connection from #{ip} denied, not in allow list" 179 + close_connection 180 + end 181 + end 182 + 183 + def allow_connection? 184 + ALLOWED_IPS.each do |r| 185 + if IPAddr.new(r).to_range.include?(ip) 186 + return true 187 + end 188 + end 189 + 190 + false 165 191 end 166 192 167 193 def log(prio, str)
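Review bot: in the first hunk, ALLOWED_IPS hard-codes "#{LISTEN_IP}/24", and LISTEN_IP is whichever non-loopback IPv4 address Socket.ip_address_list returns first, so on a host whose first address belongs to a VPN, container bridge or public interface the proxy binds there and admits that whole /24. Consider deriving the prefix from the interface's real netmask (Socket.getifaddrs exposes it) and allowing the listen address and allow list to be overridden from the command line or environment, so the guessed default is not the only option. The comment "limit connections from IPs on our local /24 network" should also say that the /24 is assumed, not detected.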
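Review bot: in the second hunk, allow_connection? calls IPAddr.new(r).to_range.include?(ip), which re-parses every ALLOWED_IPS entry on each connection and tests a string peer address against a Range of IPAddr objects; IPAddr.new(r).include?(ip) does the masked comparison directly, and the IPAddr objects can be built once where ALLOWED_IPS is defined. In initialize, the denial path calls close_connection but leaves @state at :INIT, so consider setting a distinct denied state (or otherwise making later callbacks ignore this connection) so the check fails closed if any data is delivered before the close takes effect. No visible hunk adds require "ipaddr"; confirm it is already loaded.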