From c0361e652222cb44b63e7523b005df91c41e0c4f Mon Sep 17 00:00:00 2001
From: ty
Date: Thu, 12 Jun 2025 10:10:09 +0800
Subject: [PATCH] fix(shadowsocks-service): ACL host rule resolved IP check return if matched
---
 crates/shadowsocks-service/src/acl/mod.rs | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/crates/shadowsocks-service/src/acl/mod.rs b/crates/shadowsocks-service/src/acl/mod.rs
index 226f744d..83208cac 100644
--- a/crates/shadowsocks-service/src/acl/mod.rs
+++ b/crates/shadowsocks-service/src/acl/mod.rs
@@ -565,7 +565,13 @@ impl AccessControl {
 }
 if let Ok(vaddr) = context.dns_resolve(host, port).await {
 for addr in vaddr {
- if !self.check_ip_in_proxy_list(&addr.ip()) {
+ let ip = addr.ip();
+ if self.black_list.check_ip_matched(&ip) {
+ // If IP is in black_list, it should be bypassed
+ return false;
+ }
+ if self.white_list.check_ip_matched(&ip) {
+ // If IP is in white_list, it should be proxied
 return true;
 }
 }
@@ -614,9 +620,15 @@ impl AccessControl {
 if let Ok(vaddr) = context.dns_resolve(host, *port).await {
 for addr in vaddr {
- if self.check_outbound_ip_blocked(&addr.ip()) {
+ let ip = addr.ip();
+ if self.outbound_block.check_ip_matched(&ip) {
+ // If IP is in outbound_block, it should be blocked
 return true;
 }
+ if self.outbound_allow.check_ip_matched(&ip) {
+ // If IP is in outbound_allow, it should be allowed
+ return false;
+ }
 }
 }
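Review bot: The two new early returns in the first hunk's loop look swapped relative to their own comments: a `black_list` match is commented "should be bypassed" but returns `false`, while a `white_list` match is commented "should be proxied" and falls into the unchanged `return true;`. The removed line returned `true` when the address was not in the proxy list, so if `true` still means "bypass" here, bypass-listed destinations would now be proxied and proxy-listed ones sent direct. I would use `return true;` under the `black_list` check and `return false;` under the `white_list` check. The enclosing function starts and ends outside the hunk, so the meaning of the return value should be confirmed against its signature and callers.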
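Review bot: The new `return false;` on an `outbound_allow` match in the second hunk ends the loop at the first matching address, so a host whose resolved set holds an allow-listed address ahead of an `outbound_block` one is no longer reported as blocked; the outcome depends on the order of the DNS answer, which is outside the operator's control. The removed line returned `true` as soon as any resolved address was reported blocked and never returned early with `false`, so I would keep block precedence by only recording the allow match inside the loop and acting on it once every address has been checked. The black_list/white_list loop in the first hunk has the same order dependence. The enclosing function continues outside the hunk, so what follows the loop is not visible here.

```rust
let mut allowed = false;
for addr in vaddr {
    // … unchanged: `let ip` and the outbound_block check returning true …
    allowed |= self.outbound_allow.check_ip_matched(&ip);
}
if allowed {
    // An allow match only counts once no resolved address is blocked
    return false;
}
```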