Kneesocks is dockerized socks server, with a lot of restriction features like whitelist, blacklist, rate limiting and more.
Our official docker image located ad docker hub.
| Protocol Functionality | V4 | V4a | V5 |
|---|---|---|---|
| Connect | + | + | + |
| Bind | * | * | * |
| Udp Association | - | - | + |
| No authentication | + | + | + |
| Password Authentication | - | - | + |
| IPv4 Address type | + | - | + |
| Domain Address type | - | + | + |
| IPv6 Address type | - | - | + |
| Udp fragmentation | - | - | - |
NOTE: Bind implementation have random behavior and is not ready for production, although you can enable it in config.
| Restrictions Functionality | V4 | V4a | V5 |
|---|---|---|---|
| Whitelist for specific user | + | + | + |
| Blacklist for specific user | + | + | + |
| Prohibit specific command | + | + | + |
| Prohibit specific address type | - | - | + |
| Rate limiting for specific user | * | * | + |
| Maximum simultaneous connections limit for specific user | * | * | + |
| Timeout in seconds for specific protocol command | + | + | + |
NOTE: Socks v4 and v4a protocol not support authentication and users, but you can restrict it anyway.
- SOCKS V4 Protocol
- SOCKS V4a Protocol
- SOCKS V5 Protocol
- Password authentication for socks v5 protocol
For installation guide read the wiki.
- rs/zerolog - For logging to file and console.
- sarulabs/di - For dependency injection and management.
- go-playground/validator - For validating config.
- stretchr/testify - For testing assertions.
- emicpasic/gods - For data structures, like sets and maps.
- urfave/cli - For console argument parsing and management.
Please read CONTRIBUTING.md for details about contributing. See CODE_OF_CONDUCT.md for our code of conduct.
This project is licensed under the MIT License - see the LICENSE file for details
We tested only unix systems:
- Arch linux - during development
- Debian 10 - in production
We not sure that kneesocks will work with another platforms, but who knows? Maybe under certain circumstances it will work.