From 250297b94b273ffb85a6e02a79f0565747c2eb7d Mon Sep 17 00:00:00 2001
From: Max Lv <max.c.lv@gmail.com>
Date: Mon, 21 Jan 2019 17:59:17 +0800
Subject: [PATCH] Add an example ACL for blocking private addresses

---
 acl/local.acl              |  4 ++--
 acl/server_block_local.acl | 11 +++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 acl/server_block_local.acl

diff --git a/acl/local.acl b/acl/local.acl
index 6484f768..d759640d 100644
--- a/acl/local.acl
+++ b/acl/local.acl
@@ -1,8 +1,8 @@
 [reject_all]
 
 [white_list]
-127.0.0.1
-::1
+127.0.0.0/8
+::1/128
 10.0.0.0/8
 172.16.0.0/12
 192.168.0.0/16
diff --git a/acl/server_block_local.acl b/acl/server_block_local.acl
new file mode 100644
index 00000000..71032677
--- /dev/null
+++ b/acl/server_block_local.acl
@@ -0,0 +1,11 @@
+# All IPs listed here will be blocked while the ss-server try to outbound.
+# Only IP is allowed, *NOT* domain name.
+#
+
+[outbound_block_list]
+127.0.0.0/8
+::1/128
+10.0.0.0/8
+172.16.0.0/12
+192.168.0.0/16
+fc00::/7