Skip to content

G
gost
Commit 7e80ec6e authored by rui.zheng's avatar rui.zheng
Browse files
Options

update README

parent 3ed4a707
Hide whitespace changes
Inline Side-by-side
Showing with 175 additions and 93 deletions
README.md
View file @ 7e80ec6e
......@@ -12,15 +12,14 @@ gost - GO Simple Tunnel
* 支持标准HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5代理协议
* SOCKS5代理支持TLS协商加密
* Tunnel UDP over TCP
* 支持Shadowsocks协议
* Shadowsocks UDP relay (2.4+)
* 本地/远程TCP/UDP端口转发
* 支持Shadowsocks协议 (UDP: 2.4+)
* 本地/远程TCP/UDP端口转发 (2.1+)
* 支持KCP协议 (2.3+)
* TCP透明代理 (2.3+)
* HTTP2道 (2.4+)
* SSH道 (2.4+)
* QUIC道 (2.4+)
* obfs4道 (2.4+)
* HTTP2道 (2.4+)
* SSH道 (2.4+)
* QUIC道 (2.4+)
* obfs4道 (2.4+)
二进制文件下载:https://github.com/ginuerzh/gost/releases
......@@ -39,17 +38,17 @@ Google讨论组: https://groups.google.com/d/forum/go-gost
```
scheme分为两部分: protocol+transport
protocol: 代理协议类型(http, socks4(a), socks5, ss), transport: 数据传输方式(ws, wss, tls, quic, kcp, ssh, h2, h2c), 二者可以任意组合,或单独使用:
protocol: 代理协议类型(http, socks4(a), socks5, ss), transport: 数据传输方式(ws, wss, tls, quic, kcp, ssh, h2, h2c, obfs4), 二者可以任意组合,或单独使用:
> http - 标准HTTP代理: http://:8080
> https - 标准HTTPS代理(可能需要提供受信任的证书): https://:443或https://:443
> https - 标准HTTPS代理(可能需要提供受信任的证书): http+tls://:443或https://:443
> http2 - 标准HTTP2代理并向下兼容HTTPS: http2://:443
> h2 - HTTP2 h2道: h2://:443
> h2 - HTTP2 h2道: h2://:443
> h2c - HTTP2 h2c道: h2c://:443
> h2c - HTTP2 h2c道: h2c://:443
> socks4(a) - 标准SOCKS4(A)代理: socks4://:1080或socks4a://:1080
......@@ -63,15 +62,15 @@ protocol: 代理协议类型(http, socks4(a), socks5, ss), transport: 数据传
> ssu - Shadowsocks UDP relay: ssu://chacha20:123456@:8338
> quic - QUIC道: quic://:6121
> quic - QUIC道: quic://:6121
> kcp - KCP通道: kcp://:8388或kcp://aes:123456@:8388
> redirect - 透明代理: redirect://:12345
> ssh - SSH代理隧道: ssh://:2222,SSH转发隧道: forward+ssh://:2222
> ssh - SSH代理通道: ssh://:2222,SSH转发通道: forward+ssh://:2222
> obfs4 - obfs4道: obfs4://:8080
> obfs4 - obfs4道: obfs4://:8080
#### 端口转发
......@@ -162,14 +161,14 @@ gost -L=:8080 -F=http://admin:123456@192.168.1.1:8081
```bash
gost -L=:8080 -F=quic://192.168.1.1:6121 -F=socks5+wss://192.168.1.2:1080 -F=http2://192.168.1.3:443 ... -F=a.b.c.d:NNNN
```
gost按照-F设置的顺序通过代理链将请求最终转发给a.b.c.d:NNNN处理,每一个转发代理可以是任意HTTP/HTTPS/HTTP2/SOCKS5/Shadowsocks类型代理。
gost按照-F设置的顺序通过代理链将请求最终转发给a.b.c.d:NNNN处理,每一个转发代理可以是任意HTTP/HTTPS/HTTP2/SOCKS4/SOCKS5/Shadowsocks类型代理。
#### 本地端口转发(TCP)
```bash
gost -L=tcp://:2222/192.168.1.1:22 [-F=...]
```
将本地TCP端口2222上的数据(通过代理链)转发到192.168.1.1:22上。当代理链末端(最后一个-F参数)为SSH转发道类型时,gost会直接使用SSH的本地端口转发功能:
将本地TCP端口2222上的数据(通过代理链)转发到192.168.1.1:22上。当代理链末端(最后一个-F参数)为SSH转发道类型时,gost会直接使用SSH的本地端口转发功能:
```bash
gost -L=tcp://:2222/192.168.1.1:22 -F forward+ssh://:2222
......@@ -190,7 +189,7 @@ gost -L=udp://:5353/192.168.1.1:53?ttl=60 [-F=...]
```bash
gost -L=rtcp://:2222/192.168.1.1:22 [-F=...]
```
将172.24.10.1:2222上的数据(通过代理链)转发到192.168.1.1:22上。当代理链末端(最后一个-F参数)为SSH转发道类型时,gost会直接使用SSH的远程端口转发功能:
将172.24.10.1:2222上的数据(通过代理链)转发到192.168.1.1:22上。当代理链末端(最后一个-F参数)为SSH转发道类型时,gost会直接使用SSH的远程端口转发功能:
```bash
gost -L=rtcp://:2222/192.168.1.1:22 -F forward+ssh://:2222
......@@ -209,7 +208,7 @@ gost -L=rudp://:5353/192.168.1.1:53 [-F=...]
gost的HTTP2支持两种模式:
* 作为标准的HTTP2代理,并向下兼容HTTPS代理。
* 作为道传输其他协议。
* 作为道传输其他协议。
##### 代理模式
服务端:
......@@ -221,7 +220,7 @@ gost -L=http2://:443
gost -L=:8080 -F=http2://server_ip:443
```
##### 道模式
##### 道模式
服务端:
```bash
gost -L=h2://:443
......@@ -269,8 +268,8 @@ gost -L=kcp://:8388?c=/path/to/conf/file
#### SSH
gost的SSH支持两种模式:
* 作为转发道,配合本地/远程TCP端口转发使用。
* 作为道传输其他协议。
* 作为转发道,配合本地/远程TCP端口转发使用。
* 作为道传输其他协议。
##### 转发模式
服务端:
......@@ -282,7 +281,7 @@ gost -L=forward+ssh://:2222
gost -L=rtcp://:1222/:22 -F=forward+ssh://server_ip:2222
```
##### 道模式
##### 道模式
服务端:
```bash
gost -L=ssh://:2222
......@@ -337,7 +336,7 @@ gost -L=:8080 -F=http+tls://server_ip:443
#### HTTP2
gost的HTTP2代理模式仅支持使用TLS加密的HTTP2协议,不支持明文HTTP2传输。
gost的HTTP2道模式支持加密(h2)和明文(h2c)两种模式。
gost的HTTP2道模式支持加密(h2)和明文(h2c)两种模式。
#### SOCKS5
gost支持标准SOCKS5协议的no-auth(0x00)和user/pass(0x02)方法,并在此基础上扩展了两个:tls(0x80)和tls-auth(0x82),用于数据加密。
......@@ -382,11 +381,11 @@ gost内置了TLS证书,如果需要使用其他TLS证书,有两种方法:
gost -L="http2://:443?cert=/path/to/my/cert/file&key=/path/to/my/key/file"
```
对于客户端可以指定CA证书进行证书锁定(Certificate Pinning):
对于客户端可以指定CA证书进行[证书锁定](https://en.wikipedia.org/wiki/Transport_Layer_Security#Certificate_pinning)(Certificate Pinning):
```bash
gost -L=:8080 -F="http2://:443?ca=ca.pem"
```
功能由[@sheerun](https://github.com/sheerun)贡献
证书锁定功能由[@sheerun](https://github.com/sheerun)贡献
SOCKS5 UDP数据处理
------
......@@ -421,7 +420,7 @@ gost作为标准SOCKS5代理处理UDP数据
多组权限可以通过`+`进行连接:
`whitelist=rtcp,rudp:localhost,127.0.0.1:2222,8000-9000+udp:8.8.8.8,8.8.4.4:53`(允许TCP/UDP远程端口转发绑定到localhost,127.0.0.1的2222端口和8000-9000端口范围,同时允许UDP转发到8.8.8.8:53和8.8.4.4:53)
`whitelist=rtcp,rudp:localhost,127.0.0.1:2222,8000-9000+udp:8.8.8.8,8.8.4.4:53`(允许TCP/UDP远程端口转发绑定到localhost,127.0.0.1的2222端口和8000-9000端口范围,同时允许UDP转发到8.8.8.8:53和8.8.4.4:53)
SSH远程端口转发只能绑定到127.0.0.1:8000
```bash
......
README_en.md
View file @ 7e80ec6e
......@@ -7,16 +7,17 @@ Features
------
* Listening on multiple ports
* Multi-level forward proxy - proxy chain
* Standard HTTP/HTTPS/SOCKS4(A)/SOCKS5 proxy protocols support
* Standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support
* TLS encryption via negotiation support for SOCKS5 proxy
* Tunnel UDP over TCP
* Shadowsocks protocol support (OTA: 2.2+, UDP: 2.4+)
* Local/remote port forwarding (2.1+)
* HTTP 2.0 support (2.2+)
* Experimental QUIC support (2.3+)
* Shadowsocks protocol support (UDP: 2.4+)
* Local/remote TCP/UDP port forwarding (2.1+)
* KCP protocol support (2.3+)
* Transparent proxy (2.3+)
* Transparent TCP proxy (2.3+)
* HTTP2 tunnel (2.4+)
* SSH tunnel (2.4+)
* QUIC tunnel (2.4+)
* obfs4 tunnel (2.4+)
Binary file download:https://github.com/ginuerzh/gost/releases
......@@ -36,36 +37,40 @@ Effective for the -L and -F parameters
```
scheme can be divided into two parts: protocol+transport
protocol: proxy protocol types (http, socks4(a), socks5, shadowsocks),
transport: data transmission mode (ws, wss, tls, http2, quic, kcp, pht), may be used in any combination or individually:
protocol: proxy protocol types (http, socks4(a), socks5, ss),
transport: data transmission mode (ws, wss, tls, quic, kcp, ssh, h2, h2c, obfs4), may be used in any combination or individually:
> http - standard HTTP proxy: http://:8080
> http+tls - standard HTTPS proxy (may need to provide a trusted certificate): http+tls://:443 or https://:443
> https - standard HTTPS proxy (may need to provide a trusted certificate): http+tls://:443 or https://:443
> http2 - HTTP2 proxy and backwards-compatible with HTTPS proxy: http2://:443
> h2 - HTTP2 h2 tunnel: h2://:443
> h2c - HTTP2 h2c tunnel: h2c://:443
> socks4(a) - standard SOCKS4(A) proxy: socks4://:1080 or socks4a://:1080
> socks - standard SOCKS5 proxy: socks://:1080
> socks5 - standard SOCKS5 proxy: socks5://:1080
> socks+wss - SOCKS5 over websocket: socks+wss://:1080
> socks5+wss - SOCKS5 over websocket: socks5+wss://:1080
> tls - HTTPS/SOCKS5 over TLS: tls://:443
> tls - HTTPS/SOCKS4/SOCKS5 over TLS: tls://:443
> ss - standard shadowsocks proxy, ss://chacha20:123456@:8338
> ss - standard shadowsocks proxy: ss://chacha20:123456@:8338
> ssu - shadowsocks UDP relayssu://chacha20:123456@:8338
> ssu - shadowsocks UDP relay server: ssu://chacha20:123456@:8338
> quic - standard QUIC proxy, quic://:6121
> quic - QUIC tunnel: quic://:6121
> kcp - standard KCP tunnel,kcp://:8388 or kcp://aes:123456@:8388
> kcp - KCP tunnel: kcp://:8388 or kcp://aes:123456@:8388
> pht - plain HTTP tunnel, pht://:8080
> redirect - transparent proxy: redirect://:12345
> redirect - transparent proxy,redirect://:12345
> ssh - SSH proxy tunnel: ssh://:2222, SSH forward tunnel: forward+ssh://:2222
> ssh - SSH tunnel, ssh://admin:123456@:2222
> obfs4 - obfs4 tunnel: obfs4://:8080
#### Port forwarding
......@@ -82,6 +87,8 @@ scheme://[bind_address]:port/[host]:hostport
#### Configuration file
Contributed by [@septs](https://github.com/septs).
> -C : specifies the configuration file path
The configuration file is in standard JSON format:
......@@ -100,21 +107,13 @@ The configuration file is in standard JSON format:
ServeNodes is equivalent to the -L parameter, ChainNodes is equivalent to the -F parameter.
#### Logging
> -logtostderr : log to console
> -v=3 : log level (1-5),The higher the level, the more detailed the log (level 5 will enable HTTP2 debug)
> -log_dir=/log/dir/path : log to directory /log/dir/path
Usage
------
#### No forward proxy
<img src="https://ginuerzh.github.io/images/gost_01.png" />
* Standard HTTP/SOCKS5 proxy
* Standard HTTP/SOCKS4/SOCKS5 proxy
```bash
gost -L=:8080
```
......@@ -139,7 +138,7 @@ test002 12345678
* Listen on multiple ports
```bash
gost -L=http2://:443 -L=socks://:1080 -L=ss://aes-128-cfb:123456@:8338
gost -L=http2://:443 -L=socks5://:1080 -L=ss://aes-128-cfb:123456@:8338
```
#### Forward proxy
......@@ -158,50 +157,58 @@ gost -L=:8080 -F=http://admin:123456@192.168.1.1:8081
<img src="https://ginuerzh.github.io/images/gost_03.png" />
```bash
gost -L=:8080 -F=http+tls://192.168.1.1:443 -F=socks+ws://192.168.1.2:1080 -F=ss://aes-128-cfb:123456@192.168.1.3:8338 -F=a.b.c.d:NNNN
gost -L=:8080 -F=quic://192.168.1.1:6121 -F=socks5+wss://192.168.1.2:1080 -F=http2://192.168.1.3:443 ... -F=a.b.c.d:NNNN
```
Gost forwards the request to a.b.c.d:NNNN through the proxy chain in the order set by -F,
each forward proxy can be any HTTP/HTTPS/HTTP2/SOCKS5/Shadowsocks type.
each forward proxy can be any HTTP/HTTPS/HTTP2/SOCKS4/SOCKS5/Shadowsocks type.
#### Local TCP port forwarding
```bash
gost -L=tcp://:2222/192.168.1.1:22 -F=...
gost -L=tcp://:2222/192.168.1.1:22 [-F=...]
```
The data on the local TCP port 2222 is forwarded to 192.168.1.1:22 (through the proxy chain). If the last node of the chain (the last -F parameter) is a SSH forwad tunnel, then gost will use the local port forwarding function of SSH directly:
```bash
gost -L=tcp://:2222/192.168.1.1:22 -F forward+ssh://:2222
```
The data on the local TCP port 2222 is forwarded to 192.168.1.1:22 (through the proxy chain). If the last node of the chain (the last -F parameter) is a SSH tunnel, then gost will use the local port forwarding function of SSH directly.
#### Local UDP port forwarding
```bash
gost -L=udp://:5353/192.168.1.1:53?ttl=60 -F=...
gost -L=udp://:5353/192.168.1.1:53?ttl=60 [-F=...]
```
The data on the local UDP port 5353 is forwarded to 192.168.1.1:53 (through the proxy chain).
Each forwarding channel has a timeout period. When this time is exceeded and there is no data interaction during this time period, the channel will be closed. The timeout value can be set by the `ttl` parameter. The default value is 60 seconds.
**NOTE:** When forwarding UDP data, if there is a proxy chain, the end of the chain (the last -F parameter) must be gost SOCKS5 proxy.
**NOTE:** When forwarding UDP data, if there is a proxy chain, the end of the chain (the last -F parameter) must be gost SOCKS5 proxy, gost will use UDP-over-TCP to forward data.
#### Remote TCP port forwarding
```bash
gost -L=rtcp://:2222/192.168.1.1:22 -F=... -F=socks://172.24.10.1:1080
gost -L=rtcp://:2222/192.168.1.1:22 [-F=...]
```
The data on 172.24.10.1:2222 is forwarded to 192.168.1.1:22 (through the proxy chain). If the last node of the chain (the last -F parameter) is a SSH tunnel, then gost will use the remote port forwarding function of SSH directly:
```bash
gost -L=rtcp://:2222/192.168.1.1:22 -F forward+ssh://:2222
```
The data on 172.24.10.1:2222 is forwarded to 192.168.1.1:22 (through the proxy chain). If the last node of the chain (the last -F parameter) is a SSH tunnel, then gost will use the remote port forwarding function of SSH directly.
#### Remote UDP port forwarding
```bash
gost -L=rudp://:5353/192.168.1.1:53 -F=... -F=socks://172.24.10.1:1080
gost -L=rudp://:5353/192.168.1.1:53 [-F=...]
```
The data on 172.24.10.1:5353 is forwarded to 192.168.1.1:53 (through the proxy chain).
**NOTE:** To use the remote port forwarding feature, the proxy chain can not be empty (at least one -F parameter is set)
and the end of the chain (last -F parameter) must be gost SOCKS5 proxy.
**NOTE:** When forwarding UDP data, if there is a proxy chain, the end of the chain (the last -F parameter) must be gost SOCKS5 proxy, gost will use UDP-over-TCP to forward data.
#### HTTP2
Gost HTTP2 supports two modes and self-adapting:
Gost HTTP2 supports two modes:
* As a standard HTTP2 proxy, and backwards-compatible with the HTTPS proxy.
* As transport (similar to wss), tunnel other protocol.
* As a transport tunnel.
##### Standard proxy
Server:
```bash
gost -L=http2://:443
......@@ -211,11 +218,15 @@ Client:
gost -L=:8080 -F=http2://server_ip:443?ping=30
```
The client supports the `ping` parameter to enable heartbeat detection (which is disabled by default).
Parameter value represents heartbeat interval seconds.
**NOTE:** The proxy chain of gost supports only one HTTP2 proxy node and the nearest rule applies,
the first HTTP2 proxy node is treated as an HTTP2 proxy, and the other HTTP2 proxy nodes are treated as HTTPS proxies.
##### Tunnel
服务端:
```bash
gost -L=h2://:443
```
客户端:
```bash
gost -L=:8080 -F=h2://server_ip:443
```
#### QUIC
Support for QUIC is based on library [quic-go](https://github.com/lucas-clemente/quic-go).
......@@ -224,12 +235,12 @@ Server:
```bash
gost -L=quic://:6121
```
Client(Chrome):
Client:
```bash
chrome --enable-quic --proxy-server=quic://server_ip:6121
gost -L=:8080 -F=quic://server_ip:6121
```
**NOTE:** Due to Chrome's limitations, it is currently only possible to access the HTTP (but not HTTPS) site through QUIC.
**NOTE:** QUIC node can only be used as the first node of the proxy chain.
#### KCP
Support for KCP is based on libraries [kcp-go](https://github.com/xtaci/kcp-go) and [kcptun](https://github.com/xtaci/kcptun).
......@@ -243,25 +254,41 @@ Client:
gost -L=:8080 -F=kcp://server_ip:8388
```
Or manually specify the encryption method and password (Manually specifying the encryption method and password overwrites the corresponding value in the configuration file)
Gost will automatically load kcp.json configuration file from current working directory if exists,
or you can use the parameter to specify the path to the file.
```bash
gost -L=kcp://:8388?c=/path/to/conf/file
```
**NOTE:** KCP node can only be used as the first node of the proxy chain.
#### SSH
Gost SSH supports two modes:
* As a forward tunnel, used by local/remote TCP port forwarding.
* As a transport tunnel.
##### Forward tunnel
Server:
```bash
gost -L=kcp://aes:123456@:8388
gost -L=forward+ssh://:2222
```
Client:
```bash
gost -L=:8080 -F=kcp://aes:123456@server_ip:8388
gost -L=rtcp://:1222/:22 -F=forward+ssh://server_ip:2222
```
Gost will automatically load kcp.json configuration file from current working directory if exists,
or you can use the parameter to specify the path to the file.
##### Transport tunnel
Server:
```bash
gost -L=kcp://:8388?c=/path/to/conf/file
gost -L=ssh://:2222
```
Client:
```bash
gost -L=:8080 -F=ssh://server_ip:2222?ping=60
```
**NOTE:** KCP will be enabled if and only if the proxy chain is not empty and the first proxy node (the first -F parameter) is of type KCP.
The client supports the ping parameter to enable heartbeat detection (which is disabled by default). Parameter value represents heartbeat interval seconds.
#### Transparent proxy
Iptables-based transparent proxy
......@@ -270,6 +297,25 @@ Iptables-based transparent proxy
gost -L=redirect://:12345 -F=http2://server_ip:443
```
#### obfs4
Contributed by [@isofew](https://github.com/isofew).
Server:
```bash
gost -L=obfs4://:443
```
When the server is running normally, the console prints out the connection address for the client to use:
```
obfs4://:443/?cert=4UbQjIfjJEQHPOs8vs5sagrSXx1gfrDCGdVh2hpIPSKH0nklv1e4f29r7jb91VIrq4q5Jw&iat-mode=0
```
Client:
```
gost -L=:8888 -F='obfs4://server_ip:443?cert=4UbQjIfjJEQHPOs8vs5sagrSXx1gfrDCGdVh2hpIPSKH0nklv1e4f29r7jb91VIrq4q5Jw&iat-mode=0'
```
Encryption Mechanism
------
#### HTTP
......@@ -285,8 +331,9 @@ gost -L=:8080 -F=http+tls://server_ip:443
```
#### HTTP2
Gost supports only the HTTP2 protocol that uses TLS encryption (h2) and does not support plaintext HTTP2 (h2c) transport.
Gost HTTP2 proxy mode only supports the use of TLS encrypted HTTP2 protocol, does not support plaintext HTTP2.
Gost HTTP2 tunnel mode supports both encryption (h2) and plaintext (h2c) modes.
#### SOCKS5
Gost supports the standard SOCKS5 protocol methods: no-auth (0x00) and user/pass (0x02),
......@@ -304,22 +351,20 @@ gost -L=:8080 -F=socks://server_ip:1080
If both ends are gosts (as example above), the data transfer will be encrypted (using tls or tls-auth).
Otherwise, use standard SOCKS5 for communication (no-auth or user/pass).
**NOTE:** If transport already supports encryption (wss, tls, http2, kcp), SOCKS5 will no longer use the encryption method to prevent unnecessary double encryption.
#### Shadowsocks
Support for shadowsocks is based on library [shadowsocks-go](https://github.com/shadowsocks/shadowsocks-go).
Server (The OTA mode can be enabled by the ota parameter. When enabled, the client must use OTA mode):
Server:
```bash
gost -L=ss://aes-128-cfb:123456@:8338?ota=1
gost -L=ss://aes-128-cfb:123456@:8338
```
Client (The OTA mode can be enabled by the ota parameter):
Client:
```bash
gost -L=:8080 -F=ss://aes-128-cfb:123456@server_ip:8338?ota=1
gost -L=:8080 -F=ss://aes-128-cfb:123456@server_ip:8338
```
##### Shadowsocks UDP relay
Currently, only the server supports UDP, and only OTA mode is supported.
Currently, only the server supports UDP Relay.
Server:
```bash
......@@ -334,6 +379,13 @@ There is built-in TLS certificate in gost, if you need to use other TLS certific
gost -L="http2://:443?cert=/path/to/my/cert/file&key=/path/to/my/key/file"
```
For client, you can specify a CA certificate to allow for [Certificate Pinning](https://en.wikipedia.org/wiki/Transport_Layer_Security#Certificate_pinning):
```bash
gost -L=:8080 -F="http2://:443?ca=ca.pem"
```
Certificate Pinning is contributed by [@sheerun](https://github.com/sheerun).
SOCKS5 UDP Data Processing
------
#### No forward proxy
......@@ -350,7 +402,38 @@ Gost acts as the standard SOCKS5 proxy for UDP relay.
<img src="https://ginuerzh.github.io/images/udp03.png" height=200 />
When forward proxies are set, gost uses UDP-over-TCP to forward UDP data, proxy1 to proxyN can be any HTTP/HTTPS/HTTP2/SOCKS5/Shadowsocks type.
When forward proxies are set, gost uses UDP-over-TCP to forward UDP data, proxy1 to proxyN can be any HTTP/HTTPS/HTTP2/SOCKS4/SOCKS5/Shadowsocks type.
Permission control
------
Contributed by [@sheerun](https://github.com/sheerun).
One can pass available permissions with `whitelist` and `blacklist` values when starting a socks and ssh server. The format for each rule is as follows: `[actions]:[hosts]:[ports]`.
`[actions]` are comma-separted list of allowed actions: `rtcp`, `rudp`, `tcp`, `udp`. can be `*` to encompass all actions.
`[hosts]` are comma-separated list of allowed hosts that one can bind on (in case of `rtcp` and `rudp`), or forward to (incase of `tcp` and `udp`). hosts support globs, like `*.google.com`. can be `*` to encompass all hosts.
`[ports]` are comma-separated list of ports that one can bind to (in case of `rtcp` and `rudp`), or forward to (incase of `tcp` and `udp`), can be `*` to encompass all ports.
Multiple permissions can be passed if seperated with `+`:
`rtcp,rudp:localhost,127.0.0.1:2222,8000-9000+udp:8.8.8.8,8.8.4.4:53` (allow for reverse tcp and udp binding on localhost and 127.0.0.1 on ports 2222 and 8000-9000 port range, plus allow for udp forwarding to 8.8.8.8 and 8.8.4.4 on port 53)
SSH remote port forwarding can only bind on 127.0.0.1:8000
```bash
gost -L=forward+ssh://localhost:8389?whitelist=rtcp:127.0.0.1:8000
```
SOCKS5 TCP/UDP remote port forwarding can only bind on ports greater than 1000
```bash
gost -L=socks://localhost:8389?blacklist=rtcp,rudp:*:0-1000
```
SOCKS5 UDP forwading can only forward to 8.8.8.8:53
```bash
gost -L=socks://localhost:8389?whitelist=udp:8.8.8.8:53
```
Limitation
------
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment