[Feature Request] 限制入站源 IP #3713
Replies: 3 comments 6 replies
-
|
If you run On MacOS and Windows those may be under the name |
Beta Was this translation helpful? Give feedback.
-
|
You can do that in normal docker, but not in rootless docker. Rootless docker uses slirp4netns to virtualize network. When using |
Beta Was this translation helpful? Give feedback.
-
|
I would like to set a system-wide xray service that can be accessed by rootless docker engines of all users. |
Beta Was this translation helpful? Give feedback.
-
|
奇怪的场景,限制IP访问应该设置防火墙(IPtables、UFW或者Windows自带的防火墙),Xray的设置应该监听0.0.0.0 |
Beta Was this translation helpful? Give feedback.
-
|
idiot me... |
Beta Was this translation helpful? Give feedback.
-
|
Docker的话还是用虚拟机装个OpenWRT运行透明代理吧,防火墙设置在OpenWRT上 |
Beta Was this translation helpful? Give feedback.
-
{
"rules": [
{
"type": "field",
"inboundTag": [
"in-socks"
],
"source": [
// 允许的 IP 列表
"127.0.0.1",
"::1",
"192.168.1.2"
],
"outboundTag": "out-source-split" // 使其回到路由执行其他判断
},
{
// 来自其他来源的 socks 代理请求
"type": "field",
"inboundTag": [
"in-socks"
],
"outboundTag": "out-block" // 拒绝访问
},
{
// ...... 其他路由
"type": "field",
"inboundTag": [
"in-source-split"
],
"ip": [
"geoip:private"
],
"outboundTag": "out-direct"
}
// ...... 其他路由
]
}{
"outbounds": [
{
"protocol": "freedom",
"tag": "out-direct"
},
{
"protocol": "blackhole",
"tag": "out-block"
},
{
"protocol": "loopback",
"tag": "out-source-split",
"inboundTag": "in-source-split"
}
]
}入站监听 IP 应该是 |
Beta Was this translation helpful? Give feedback.
-
|
BTW, You may want to use |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, edited. I used to think that GitHub didn't support jsonc for code blocks. |
Beta Was this translation helpful? Give feedback.
-
我希望开启一个 只允许本机访问 的 socks 入站。
通常,这是通过只监听
127.0.0.1来实现的。但是,我希望在本机运行的 docker 容器和其它 VM 也可以访问该 socks 服务,因此,该服务必须监听本机的局域网 IP 地址之一(例如
192.168.1.2)。这引发一个安全性问题,即,所有局域网设备都可以访问该服务。
是否可以增加一个配置选项,限制入站的源 IP 只能是本机(
192.168.1.2)而不能是局域网中的其它设备(如192.168.1.3)?Beta Was this translation helpful? Give feedback.
All reactions