Problem of simultaneous usage of UDP associate and deny deny * * 127.0.0.1/8

[GregoryKomissarov]

Hi! First of all, thank you for a good OSS product. I want to make work UDP associate and not let proxy clients connect to the loopback interface.
OS:Ubuntu 22.04.4 LTS
3proxy-0.9.4

If I'm putting deny before allow - TCP over socks5 works well but not the UDP:

# log entry
240417094120.422 1080 00001 greg 10.20.30.40:54204 0.0.0.0:0 0 0 0 UDPMAP 0.0.0.0:0

# config entry
nscache 65536
nserver 8.8.8.8
nserver 8.8.4.4

config /conf/3proxy.cfg
monitor /conf/3proxy.cfg

log /logs/3proxy-%y%m%d.log D
rotate 60
counter /count/3proxy.3cf

users $/conf/passwd

include /conf/counters
include /conf/bandlimiters

auth strong
deny * * 127.0.0.0/8
allow * * * *
socks
flush

If I'm commenting deny section or moving after allow - UDP associate works also well.

# log entry
240417094445.669 1080 00000 greg 10.20.30.40:54751 194.76.46.8:80 21 91 0 UDPMAP 0.0.0.0:0

How to make UDP associate work and at the same time not allow clients to connect to 127.0.0.1/8?
Thanks in advance!

[iMiMx]

Good catch! Been fiddling/battling with UDP myself ... as soon as I comment out (any) 'deny' for SOCKS, everything works.

Presumably you've not found a work around? I haven't yet built from the latest master, that was going to be my next step, when I saw your post.

EDIT: Built a deb of the latest master, seems to work ok now - will test further.

flush
deny * * 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,127.0.0.1 * *
deny * * * 25
allow *
socks