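# Dante (sockd) SOCKS server configuration.
# One directive per line: "#" starts a comment that runs to the end of the
# line, so on a single collapsed line everything after the first "#" is
# ignored.

# Log to syslog and to a file.
logoutput: syslog /var/log/dante

# Address/port the proxy listens on, and the address used for outgoing
# connections.
internal: 192.168.2.2 port = 1080
external: 192.168.2.2

# Authentication methods offered globally. Every rule below that names a
# method uses "none", so access is decided by source address only.
method: username none #rfc931

# Both the privileged and the unprivileged account are "sockd".
# NOTE(review): "username" authentication normally needs read access to the
# system password database; confirm it works for this account, or drop
# "username" from the method list if it is not used.
user.privileged: sockd
user.notprivileged: sockd

compatibility: sameport

# -----------------------------------------------------------
# Which clients may talk to the proxy.
# Rules are evaluated top to bottom; the first matching rule decides.

# (1) permitted clients: the internal /24, without authentication
client pass {
        from: 192.168.1.0/24 port 1-65535 to: 0.0.0.0/0
        method: none
}

# (2) no other clients allowed
client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

# -----------------------------------------------------------
# Which services may be reached through the proxy.

# (3) loopback on the server ???
# Blocks requests whose destination is 127.0.0.0/8, so the proxy cannot be
# used to reach services bound to localhost on the proxy host itself.
block {
        from: 0.0.0.0/0 to: 127.0.0.0/8
        log: connect error
}

# (4) all bind requests
# Placed before the pass rules, so it also applies to the client in (8).
block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind
        log: connect error
}

# (5) return channel for certain reply packets
# NOTE(review): with bind blocked in (4), "bindreply" presumably never
# matches; "udpreply" is what UDP answers (e.g. DNS) need. Confirm before
# trimming.
pass {
        from: 0.0.0.0/0 to: 192.168.1.0/24
        command: bindreply udpreply
        log: connect error
}

# (6) name resolution for all internal clients
pass {
        from: 192.168.1.0/24 to: 0.0.0.0/0 port = domain
        log: connect error
        method: none
}

# (7) all internal clients may browse the web ("http" service port only)
pass {
        from: 192.168.1.0/24 to: 0.0.0.0/0 port = http
        log: connect error
        method: none
}

# (8) only one client may do more ...
# Broadest grant in the file: any destination and port over tcp and udp for
# a single host, identified by its IP address alone. It was the only rule
# without a log line; it is now logged like the others so its use is
# auditable.
pass {
        from: 192.168.1.9/32 to: 0.0.0.0/0
        protocol: tcp udp
        log: connect error
}

# (9) catch-all: block everything else
block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}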