From cefb6cf48968122e09d7e21d38964347812dcc62 Mon Sep 17 00:00:00 2001
From: Just a baka <justabaka@gmail.com>
Date: Wed, 18 Apr 2018 18:57:32 +0700
Subject: [PATCH] deny access to local subnets

---
 dante/files/conf/dante.conf  | 16 ++++++++++++++++
 dante/files/conf/dante6.conf | 17 ++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/dante/files/conf/dante.conf b/dante/files/conf/dante.conf
index 3b1e6f5..16bfed0 100644
--- a/dante/files/conf/dante.conf
+++ b/dante/files/conf/dante.conf
@@ -28,6 +28,22 @@ socks block {
     log: error
 }
 
+# deny access to private networks
+socks block {
+    from: 0.0.0.0/0 to: 10.0.0.0/8
+    log: error
+}
+
+socks block {
+    from: 0.0.0.0/0 to: 172.16.0.0/12
+    log: error
+}
+
+socks block {
+    from: 0.0.0.0/0 to: 192.168.0.0/16
+    log: error
+}
+
 # deny binding
 socks block {
     from: 0.0.0.0/0 to: 0.0.0.0/0
diff --git a/dante/files/conf/dante6.conf b/dante/files/conf/dante6.conf
index c21c4da..9d8ff12 100644
--- a/dante/files/conf/dante6.conf
+++ b/dante/files/conf/dante6.conf
@@ -33,6 +33,22 @@ socks block {
     log: error
 }
 
+# deny access to private networks
+socks block {
+    from: 0.0.0.0/0 to: 10.0.0.0/8
+    log: error
+}
+
+socks block {
+    from: 0.0.0.0/0 to: 172.16.0.0/12
+    log: error
+}
+
+socks block {
+    from: 0.0.0.0/0 to: 192.168.0.0/16
+    log: error
+}
+
 # deny binding
 socks block {
     from: 0/0 to: 0/0
@@ -143,4 +159,3 @@ socks block {
     from: ::/0 to: ::/0
     log: error
 }
-