-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
shadowsocks-libev: added support for ACL #20647
Conversation
@yousong, please review |
@@ -307,7 +308,8 @@ validate_ss_server_section() { | |||
'local_address:ipaddr' \ | |||
'local_ipv4_address:ip4addr' \ | |||
'local_ipv6_address:ip6addr' \ | |||
'bind_address:ipaddr' | |||
'bind_address:ipaddr' \ | |||
'acl:string' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the value supposed to be a path to the acl file? Consider using something like dst_ips_bypass_file:file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My guess is that the option should be set at the client side. That is validate_common_client_options_
, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the value supposed to be a path to the acl file? Consider using something like
dst_ips_bypass_file:file
Changed the type from string
to file
My guess is that the option should be set at the client side. That is
validate_common_client_options_
, right?
According to docs, ACL is only available in local and server mode. At least I use it for ssserver
. So added to validate_ss_server_section
and validate_ss_local_section
.
Please also increment PKG_RELEASE variable for the package Makefile. If you are also a user of luci-app-shadowsocks-libev, please consider adding support for this newly-added field there. |
PKG_RELEASE incremented. |
Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com>
Link: #20647 Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com> [indentation fix] Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hi @fertkir , The change was just applied after an indention fix. Thank you! |
Link: openwrt/packages#20647 Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com> [indentation fix] Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Added ability to pass an Access Control List (--acl param) to forbid access to specified IP addresses
Maintainer: @yousong
Compile tested: didn't compile, since this is only an init-file change
Run tested: MediaTek MT7628AN ver:1 eco:2, TP-Link TL-WR841N v13, OpenWrt 22.03.3 r20028-43d71ad93e