diff --git a/README.md b/README.md index 2ecdd25..ca1ed5c 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,7 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi * [Encryption and Compression](#encryption-and-compression) * [Hot-Reload frpc configuration](#hot-reload-frpc-configuration) * [Get proxy status from client](#get-proxy-status-from-client) - * [Privilege Mode](#privilege-mode) - * [Port White List](#port-white-list) + * [Port White List](#port-white-list) * [TCP Stream Multiplexing](#tcp-stream-multiplexing) * [Support KCP Protocol](#support-kcp-protocol) * [Connection Pool](#connection-pool) @@ -42,6 +41,7 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi * [Custom subdomain names](#custom-subdomain-names) * [URL routing](#url-routing) * [Connect frps by HTTP PROXY](#connect-frps-by-http-proxy) + * [Range ports mapping](#range-ports-mapping) * [Plugin](#plugin) * [Development Plan](#development-plan) * [Contributing](#contributing) @@ -422,21 +422,17 @@ Then run command `frpc reload -c ./frpc.ini` and wait for about 10 seconds to le Use `frpc status -c ./frpc.ini` to get status of all proxies. You need to set admin port in frpc's configure file. -### Privilege Mode +### Port White List -Privilege mode is the default and only mode support in frp since v0.10.0. All proxy configurations are set in client. - -#### Port White List - -`privilege_allow_ports` in frps.ini is used for preventing abuse of ports: +`allow_ports` in frps.ini is used for preventing abuse of ports: ```ini # frps.ini [common] -privilege_allow_ports = 2000-3000,3001,3003,4000-50000 +allow_ports = 2000-3000,3001,3003,4000-50000 ``` -`privilege_allow_ports` consists of a specific port or a range of ports divided by `,`. +`allow_ports` consists of a specific port or a range of ports divided by `,`. ### TCP Stream Multiplexing diff --git a/README_zh.md b/README_zh.md index fe84354..ee11011 100644 --- a/README_zh.md 
+++ b/README_zh.md @@ -29,8 +29,7 @@ frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp * [加密与压缩](#加密与压缩) * [客户端热加载配置文件](#客户端热加载配置文件) * [客户端查看代理状态](#客户端查看代理状态) - * [特权模式](#特权模式) - * [端口白名单](#端口白名单) + * [端口白名单](#端口白名单) * [TCP 多路复用](#tcp-多路复用) * [底层通信可选 kcp 协议](#底层通信可选-kcp-协议) * [连接池](#连接池) @@ -450,21 +449,17 @@ admin_port = 7400 frpc 支持通过 `frpc status -c ./frpc.ini` 命令查看代理的状态信息,此功能需要在 frpc 中配置 admin 端口。 -### 特权模式 +### 端口白名单 -由于从 v0.10.0 版本开始,所有 proxy 都在客户端配置,原先的特权模式是目前唯一支持的模式。 - -#### 端口白名单 - -为了防止端口被滥用,可以手动指定允许哪些端口被使用,在 frps.ini 中通过 privilege_allow_ports 来指定: +为了防止端口被滥用,可以手动指定允许哪些端口被使用,在 frps.ini 中通过 `allow_ports` 来指定: ```ini # frps.ini [common] -privilege_allow_ports = 2000-3000,3001,3003,4000-50000 +allow_ports = 2000-3000,3001,3003,4000-50000 ``` -privilege_allow_ports 可以配置允许使用的某个指定端口或者是一个范围内的所有端口,以 `,` 分隔,指定的范围以 `-` 分隔。 +`allow_ports` 可以配置允许使用的某个指定端口或者是一个范围内的所有端口,以 `,` 分隔,指定的范围以 `-` 分隔。 ### TCP 多路复用 diff --git a/conf/frps_full.ini b/conf/frps_full.ini index a808cc3..34a48db 100644 --- a/conf/frps_full.ini +++ b/conf/frps_full.ini @@ -47,7 +47,7 @@ token = 12345678 # heartbeat_timeout = 90 # only allow frpc to bind ports you list, if you set nothing, there won't be any limit -privilege_allow_ports = 2000-3000,3001,3003,4000-50000 +allow_ports = 2000-3000,3001,3003,4000-50000 # pool_count in each proxy will change to max_pool_count if they exceed the maximum value max_pool_count = 5 diff --git a/models/config/server_common.go b/models/config/server_common.go index 20b37d8..19e1a1d 100644 --- a/models/config/server_common.go +++ b/models/config/server_common.go 
@@ -68,40 +68,40 @@ type ServerCommonConf struct { SubDomainHost string `json:"subdomain_host"` TcpMux bool `json:"tcp_mux"` - PrivilegeAllowPorts map[int]struct{} - MaxPoolCount int64 `json:"max_pool_count"` - MaxPortsPerClient int64 `json:"max_ports_per_client"` - HeartBeatTimeout int64 `json:"heart_beat_timeout"` - UserConnTimeout int64 `json:"user_conn_timeout"` + AllowPorts map[int]struct{} + MaxPoolCount int64 `json:"max_pool_count"` + MaxPortsPerClient int64 `json:"max_ports_per_client"` + HeartBeatTimeout int64 `json:"heart_beat_timeout"` + UserConnTimeout int64 `json:"user_conn_timeout"` } func GetDefaultServerConf() *ServerCommonConf { return &ServerCommonConf{ - BindAddr: "0.0.0.0", - BindPort: 7000, - BindUdpPort: 0, - KcpBindPort: 0, - ProxyBindAddr: "0.0.0.0", - VhostHttpPort: 0, - VhostHttpsPort: 0, - DashboardAddr: "0.0.0.0", - DashboardPort: 0, - DashboardUser: "admin", - DashboardPwd: "admin", - AssetsDir: "", - LogFile: "console", - LogWay: "console", - LogLevel: "info", - LogMaxDays: 3, - Token: "", - AuthTimeout: 900, - SubDomainHost: "", - TcpMux: true, - PrivilegeAllowPorts: make(map[int]struct{}), - MaxPoolCount: 5, - MaxPortsPerClient: 0, - HeartBeatTimeout: 90, - UserConnTimeout: 10, + BindAddr: "0.0.0.0", + BindPort: 7000, + BindUdpPort: 0, + KcpBindPort: 0, + ProxyBindAddr: "0.0.0.0", + VhostHttpPort: 0, + VhostHttpsPort: 0, + DashboardAddr: "0.0.0.0", + DashboardPort: 0, + DashboardUser: "admin", + DashboardPwd: "admin", + AssetsDir: "", + LogFile: "console", + LogWay: "console", + LogLevel: "info", + LogMaxDays: 3, + Token: "", + AuthTimeout: 900, + SubDomainHost: "", + TcpMux: true, + AllowPorts: make(map[int]struct{}), + MaxPoolCount: 5, + MaxPortsPerClient: 0, + HeartBeatTimeout: 90, + UserConnTimeout: 10, } } 
@@ -232,16 +232,16 @@ func UnmarshalServerConfFromIni(defaultCfg *ServerCommonConf, content string) (c cfg.Token, _ = conf.Get("common", "token") - if allowPortsStr, ok := conf.Get("common", "privilege_allow_ports"); ok { + if allowPortsStr, ok := conf.Get("common", "allow_ports"); ok { // e.g. 1000-2000,2001,2002,3000-4000 ports, errRet := util.ParseRangeNumbers(allowPortsStr) if errRet != nil { - err = fmt.Errorf("Parse conf error: privilege_allow_ports: %v", errRet) + err = fmt.Errorf("Parse conf error: allow_ports: %v", errRet) return } for _, port := range ports { - cfg.PrivilegeAllowPorts[int(port)] = struct{}{} + cfg.AllowPorts[int(port)] = struct{}{} } } diff --git a/server/service.go b/server/service.go index 82b1a35..48f49e0 100644 --- a/server/service.go +++ b/server/service.go @@ -76,8 +76,8 @@ func NewService() (svr *Service, err error) { ctlManager: NewControlManager(), pxyManager: NewProxyManager(), visitorManager: NewVisitorManager(), - tcpPortManager: NewPortManager("tcp", cfg.ProxyBindAddr, cfg.PrivilegeAllowPorts), - udpPortManager: NewPortManager("udp", cfg.ProxyBindAddr, cfg.PrivilegeAllowPorts), + tcpPortManager: NewPortManager("tcp", cfg.ProxyBindAddr, cfg.AllowPorts), + udpPortManager: NewPortManager("udp", cfg.ProxyBindAddr, cfg.AllowPorts), } // Init assets. diff --git a/tests/conf/auto_test_frps.ini b/tests/conf/auto_test_frps.ini index 193a108..fc62c39 100644 --- a/tests/conf/auto_test_frps.ini +++ b/tests/conf/auto_test_frps.ini @@ -5,5 +5,5 @@ vhost_http_port = 10804 log_file = ./frps.log log_level = debug token = 123456 -privilege_allow_ports = 10000-20000,20002,30000-50000 +allow_ports = 10000-20000,20002,30000-50000 subdomain_host = sub.com diff --git a/tests/func_test.go b/tests/func_test.go index 4da7416..94b1d04 100644 --- a/tests/func_test.go +++ b/tests/func_test.go 
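Review bot: The lookup in this hunk now reads only `allow_ports`, so an existing frps.ini that still sets `privilege_allow_ports` will parse without error and leave `cfg.AllowPorts` empty; going by the comment in conf/frps_full.ini ("if you set nothing, there won't be any limit"), that appears to mean the port whitelist is silently dropped on upgrade. I would fail closed on the legacy key instead of ignoring it: before the `allow_ports` lookup, add `if _, legacy := conf.Get("common", "privilege_allow_ports"); legacy {` whose body sets `err = fmt.Errorf("Parse conf error: privilege_allow_ports has been renamed to allow_ports")` and returns. Keeping the old key as a deprecated alias would also work, as long as the rename cannot widen the set of bindable ports without the operator noticing. UnmarshalServerConfFromIni starts and ends outside this hunk, so a fallback elsewhere in the function would not be visible here.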
@@ -209,7 +209,7 @@ func TestWebSocket(t *testing.T) { assert.Equal(TEST_HTTP_NORMAL_STR, string(msg)) } -func TestPrivilegeAllowPorts(t *testing.T) { +func TestAllowPorts(t *testing.T) { assert := assert.New(t) // Port not allowed status, err := getProxyStatus(ProxyTcpPortNotAllowed)