diff --git a/conf/frps.ini b/conf/frps.ini index e1e90418..4a6d47f8 100644 --- a/conf/frps.ini +++ b/conf/frps.ini @@ -19,6 +19,7 @@ log_max_days = 3 # if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct privilege_mode = true privilege_token = 12345678 +# only allow frpc to bind ports you list, if you set nothing, there won't be any limit privilege_allow_ports = 2000-3000,3001,3003,4000-50000 # pool_count in each proxy will change to max_pool_count if they exceed the maximum value max_pool_count = 100 diff --git a/src/cmd/frps/control.go b/src/cmd/frps/control.go index 7214d482..4c9910aa 100644 --- a/src/cmd/frps/control.go +++ b/src/cmd/frps/control.go @@ -251,11 +251,13 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) { // we check listen_port if privilege_allow_ports are set // and PrivilegeMode is enabled if s.Type == "tcp" { - _, ok := server.PrivilegeAllowPorts[s.ListenPort] - if !ok { - info = fmt.Sprintf("ProxyName [%s], remote_port [%d] isn't allowed", req.ProxyName, s.ListenPort) - log.Warn(info) - return + if len(server.PrivilegeAllowPorts) != 0 { + _, ok := server.PrivilegeAllowPorts[s.ListenPort] + if !ok { + info = fmt.Sprintf("ProxyName [%s], remote_port [%d] isn't allowed", req.ProxyName, s.ListenPort) + log.Warn(info) + return + } } } err := server.CreateProxy(s)