# /etc/danted.conf
# Please note: For use on Linux systems !
#
# Replace [% extIP %] by the IP address of your own system !

logoutput: /var/log/sockd/sockd

internal: 127.0.0.1 port = 1080
external: [% extIP %]

# methods for socks-rules.
method: none

# methods for client-rules.
clientmethod: none

# when doing something that can require privilege, it will use the userid:
user.privileged: proxy

# when running as usual, it will use the unprivileged userid of:
user.notprivileged: nobody


# the "client" rules.  All our clients come from the localhost 127.0.0.1.

client pass {
	from: 127.0.0.1/32 port 1-65535 to: 0.0.0.0/0
}

client block {
	from: 0.0.0.0/0 to: 0.0.0.0/0
	log: connect error
}

block {
	from: 0.0.0.0/0 to: 127.0.0.0/8
	log: connect error
}

block {
	from: 0.0.0.0/0 to: 0.0.0.0/0
	command: bind
	log: connect error
}

block {
	from: 127.0.0.1/32 to: 0.0.0.0/0
	command: bind
	log: connect error
}


#to avoid spam block typical smtp ports
block {
	from: 127.0.0.1/32 to: 0.0.0.0/0 port = 25
	log: connect error
}

#everyone from localhost 127.0.0.1/32 is allowed to use tcp
pass {
	from: 127.0.0.1/32  to: 0.0.0.0/0
        protocol: tcp
}

# last line, block everyone else. 
block {
	from: 0.0.0.0/0 to: 0.0.0.0/0
	log: connect error
}