# /usr/local/etc/sockd.conf
# Please note: For use on FreeBSD systems (hosts or jails) only !
#
# Replace ALL(!) [% extIP %] by the IP address of your own system/jail
# Processing with:  tpage --define extIP=xx.xx.xx.xx sockd.conf.template > sockd.conf

logoutput: /var/log/sockd.log

internal: 127.0.0.1 port = 1080
external: [% extIP %]

method: none
clientmethod: none

user.privileged: proxy
user.notprivileged: nobody
# user.libwrap: nobody

client pass {
        from: 127.0.0.1/32 port 1-65535 to: 0.0.0.0/0
}

client pass {
        from: [% extIP %]/32 port 1-65535 to: 0.0.0.0/0
}

client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

block {
        from: 0.0.0.0/0 to: 127.0.0.0/8
        log: connect error
}

block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind
        log: connect error
}

block {
        from: 127.0.0.1/32 to: 0.0.0.0/0
        command: bind
        log: connect error
}

block {
        from: [% extIP %]/32 to: 0.0.0.0/0
        command: bind
        log: connect error
}


# port 25 should be blocked to avoid usage for spammer
block {
        from: 127.0.0.1/32 to: 0.0.0.0/0 port = 25
        log: connect error
}
block {
        from: [% extIP %]/32 to: 0.0.0.0/0 port = 25
        log: connect error
}


pass {
        from: 127.0.0.1/32  to: 0.0.0.0/0
        protocol: tcp
}

pass {
        from: [% extIP %]/32  to: 0.0.0.0/0
        protocol: tcp
}

block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}