psocks

Filtering asynchronous SOCKS5 (TCP/UDP) proxy server based on fast-socks5, featuring allowlist-based access control that drops everything except what is allowed by the user. Includes JSON/API based on Rocket framework.

Goals

Ad/tracking protection (before sending a DNS request)
Reduce CPU usage by filtering extra SSL traffic on background

Roadmap

SOCKS5 (TCP/UDP) server
Web JSON/API
Web UI

Usage

RUST_LOG=trace cargo run -- --allow=http://localhost/allow.txt \
                            --allow=/path/to/allow.txt \
                            no-auth

set socks5://127.0.0.1:1080 proxy in your application
use http://127.0.0.1:8010 for API:
- /api/allow/<domain.com> - add rule to the current session
- /api/block/<domain.com> - delete rule from the current session
- /api/rules - return active rules (from server memory)
- /api/lists - get parsed lists with its ID
- /api/list/<ID> - get all parsed rules for list ID (see /api/lists)

Allow list example

# /path/to/allow.txt

// exact match
duckduckgo.com

// google.com with subdomains
.google.com

// IP
1.2.3.4

see also: my personal asset

systemd

git clone https://codeberg.org/postscriptum/psocks.git
cd psocks
cargo build --release --locked
sudo install target/release/psocks /usr/local/bin
sudo useradd -s /usr/sbin/nologin -Mr psocks
sudo mkdir /var/log/psocks && sudo chown psocks:psocks /var/log/psocks

#/etc/systemd/system/psocks.service

[Unit]
After=network-online.target
Wants=network-online.target

[Service]
User=psocks
Group=psocks

ExecStart=/usr/local/bin/psocks \
              -a=http://localhost/allow.txt \
              no-auth

Restart=always

Environment="RUST_LOG=psocks=warn"
Environment="NO_COLOR=1"

StandardOutput=file:///var/log/psocks/debug.log
StandardError=file:///var/log/psocks/error.log

[Install]
WantedBy=multi-user.target

sudo systemctl restart psocks
sudo systemctl enable psocks
sudo systemctl status psocks

2.2 KiB Raw Blame History