Block Connection to localhost - renfufei/shadowsocks GitHub Wiki
From 2.6.7, localhost is blocked by default. If you don't want it, use --forbidden-ip=""
.
From 2.6.3, you can prevent the server from connecting to some IP like 127.0.0.1.
ssserver -c /etc/shadowsocks.json --forbidden-ip 127.0.0.1,::1
Notice only IPv4 and IPv6 addresses are allowed. Blocking will be processed after DNS.
This is because if a client tries to visit a hostname, like localhost
or a domain name
a user has pointed to 127.0.0.1, it will be resolved into 127.0.0.1
or ::1
.
Thus it will still get blocked.