Block Connection to localhost

clowwindy edited this page Feb 3, 2015 · 2 revisions

From 2.6.7, localhost is blocked by default. If you don't want it, use --forbidden-ip="".

From 2.6.3, you can prevent the server from connecting to some IP like

ssserver -c /etc/shadowsocks.json --forbidden-ip,::1

Notice only IPv4 and IPv6 addresses are allowed. Blocking will be processed after DNS.

This is because if a client tries to visit a hostname, like localhost or a domain name a user has pointed to, it will be resolved into or ::1. Thus it will still get blocked.